Possible buffer overrun in Foundation/EventLogChannel #124

Closed
mar-na opened this Issue Mar 11, 2013 · 3 comments

@mar-na
mar-na commented Mar 11, 2013

Hello,

I found in the current implementation (1.4.6) a possible buffer overrun in EventLogChannel.

```cpp
EventLogChannel::EventLogChannel():
    _logFile("Application"),
    _h(0)
{
#if defined(POCO_WIN32_UTF8)
    wchar_t name[256];
    int n = GetModuleFileNameW(NULL, name, sizeof(name));
    // ...
}
```

```cpp
wchar_t name[256];
// -> array with 256 elements created
int n = GetModuleFileNameW(NULL, name, sizeof(name));
// -> Try to read 512 elements !!! because the length of one wchar_t is 2
```

Fixed version:

```cpp
EventLogChannel::EventLogChannel():
    _logFile("Application"),
    _h(0)
{
    static const int length = 256;
#if defined(POCO_WIN32_UTF8)
    wchar_t name[length];
    int n = GetModuleFileNameW(NULL, name, length);
    // ...
}
```
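The byte-count versus element-count mismatch reported above, as an added example that is not part of the original issue or Poco's code. `fake_module_name`, `countof` and the 400-character path are assumptions made for illustration; `char16_t` stands in for the 2-byte Windows `wchar_t` so the demo runs on any platform.

```cpp
// Added example, not Poco code. fake_module_name() is a hypothetical,
// simplified stand-in for GetModuleFileNameW: its size argument counts
// characters, and it truncates and null-terminates within that count.
#include <cstddef>
#include <cstdio>
#include <string>

typedef char16_t WCH;                       // 2 bytes, like wchar_t on Windows
const std::size_t LEN = 256;                // elements in the "name" array
const WCH GUARD = 0xCCCC;                   // fill value used to detect writes

template <typename T, std::size_t N>
constexpr std::size_t countof(T (&)[N]) { return N; }   // rejects pointers

static unsigned fake_module_name(WCH* buf, unsigned nSize, const std::u16string& path)
{
    if (nSize == 0) return 0;
    unsigned n = path.size() < nSize ? static_cast<unsigned>(path.size()) : nSize - 1;
    for (unsigned i = 0; i < n; ++i) buf[i] = path[i];
    buf[n] = 0;
    return path.size() < nSize ? n : nSize;  // nSize signals truncation
}

std::size_t buggy_size() { WCH name[LEN]; return sizeof(name); }   // bytes: 512
std::size_t fixed_size() { WCH name[LEN]; return countof(name); }  // elements: 256

// Calls the stand-in with a constructed 400-character path and returns how
// many elements beyond the first LEN were overwritten. The arena is twice
// LEN so the overrun stays inside memory this function owns.
std::size_t elements_past_end(std::size_t nSize)
{
    WCH arena[2 * LEN];
    for (std::size_t i = 0; i < 2 * LEN; ++i) arena[i] = GUARD;
    fake_module_name(arena, static_cast<unsigned>(nSize), std::u16string(400, u'A'));
    std::size_t hit = 0;
    for (std::size_t i = LEN; i < 2 * LEN; ++i) if (arena[i] != GUARD) ++hit;
    return hit;
}

int main()
{
    std::printf("sizeof:  nSize=%zu, overrun=%zu elements\n", buggy_size(), elements_past_end(buggy_size()));
    std::printf("countof: nSize=%zu, overrun=%zu elements\n", fixed_size(), elements_past_end(fixed_size()));
    return 0;
}
```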
@aleks-f
Member
aleks-f commented Mar 13, 2013

fixed in develop: ad66c4a

@aleks-f aleks-f was assigned Mar 13, 2013
@mar-na
mar-na commented Apr 18, 2013

Also exists in another function
see #156

@obiltschnig
Member

fixed for 1.4.6p2
