[BUG] stack smashing in mrt_open_file & tm_format_real_time
Ondrej Zajicek
santiago at crfreenet.org
Mon Apr 12 17:10:25 CEST 2021
On Mon, Apr 12, 2021 at 06:03:10AM +0000, Wydrych, Piotr wrote:
> I took a look at the code and I found something that worries me. First,
> mrt_open_file uses 4kB buffers for path pattern and final name while
> tm_format_real_time uses only 32B buffer for pattern. Second, in call to
> strfusec, it specifies 32B buffer and length of output buffer. But please
> take my findings with a grain of salt, I'm not a C expert :-)
>
> Could you please verify that?
Hello
You are right, it uses buffer length for a different buffer (and uses too
small buffer for strfusec()). Thanks, fixed:
https://gitlab.nic.cz/labs/bird/-/commit/9c41e1ca3e93d4498eaa085139caf1545e08c1d8
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list