Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CID 401: STRING_OVERFLOW in ptload #1434

Closed
brong opened this issue Aug 29, 2011 · 1 comment
Closed

CID 401: STRING_OVERFLOW in ptload #1434

brong opened this issue Aug 29, 2011 · 1 comment
Assignees
@elliefm
Labels
2.4 affects 2.4 2.5 affects 2.5 3.0 affects 3.0 3.1 affects 3.1 dev releases bug diceroll assigned by dice roll IMAP P3

Comments

@brong
Copy link
Member

brong commented Aug 29, 2011

From: Greg Banks
Bugzilla-Id: 3540
Version: 2.4.x (next)
Owner: Bron Gondwana
@brong
Copy link
Member Author

brong commented Aug 29, 2011

From: Greg Banks

Found by Coverity. A string from the imapd.conf file is copied into a fixed size data structure with the only length check being strncpy(), which might leave an unterminated string.

427 fname = libcyrus_config_getstring(CYRUSOPT_PTLOADER_SOCK);
At conditional (11): "!fname" taking true path
428 if (!fname) {
429 tofree = strconcat(config_dir, PTS_DBSOCKET, (char *)NULL);
430 fname = tofree;
431 }
432
433 memset((char *)&srvaddr, 0, sizeof(srvaddr));
434 srvaddr.sun_family = AF_UNIX;
Event fixed_size_dest: You might overrun the 108 byte fixed-size string "srvaddr.sun_path" by copying "fname" without checking the length.
435 strcpy(srvaddr.sun_path, fname);
436 r = nb_connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr), PT_TIMEOUT_SEC);

@brong brong self-assigned this Dec 13, 2016
@brong brong added the diceroll assigned by dice roll label Jun 27, 2017
@brong brong assigned elliefm and unassigned brong Jun 27, 2017
elliefm added a commit that referenced this issue Jun 28, 2017
@elliefm
auth_pts: make sure socket fname will fit in buffer
1bc53d7 
Fixes #1434
elliefm added a commit that referenced this issue Jun 28, 2017
@elliefm
auth_pts: make sure socket fname will fit in buffer
a5f3762 
Fixes #1434
@elliefm elliefm added 2.4 affects 2.4 2.5 affects 2.5 3.0 affects 3.0 3.1 affects 3.1 dev releases labels Jun 28, 2017
elliefm added a commit that referenced this issue Jun 28, 2017
@elliefm
auth_pts: make sure socket fname will fit in buffer
43fce4b 
Fixes #1434
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elliefm elliefm

Labels
2.4 affects 2.4 2.5 affects 2.5 3.0 affects 3.0 3.1 affects 3.1 dev releases bug diceroll assigned by dice roll IMAP P3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brong @elliefm