Issue 159 in shellinabox: Wrong size passed to strncat() leads to missing null termination or buffer overflow

4 views
Skip to first unread message

shell...@googlecode.com

unread,
Jan 12, 2012, 12:12:01 AM1/12/12
to shell...@googlegroups.com
Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 159 by anders.kaseorg: Wrong size passed to strncat() leads to
missing null termination or buffer overflow
http://code.google.com/p/shellinabox/issues/detail?id=159

A few functions in launcher.c passed sizeof(buffer) to strncat, so long
strings might not be null terminated. Alternatively, if strlcat is
available and strncat is defined in terms of strlcat, this actually causes
a one-character buffer overflow. This patch corrects the size to
sizeof(buffer) - 1.

Attachments:
0001-Fix-miscellaneous-strncat-buffer-overflows.patch 2.7 KB

shell...@googlecode.com

unread,
Jan 18, 2012, 12:34:02 AM1/18/12
to shell...@googlegroups.com

Comment #1 on issue 159 by Jayschwa: Wrong size passed to strncat() leads
to missing null termination or buffer overflow
http://code.google.com/p/shellinabox/issues/detail?id=159

Thank you for the patch.
https://github.com/jayschwa/shellinabox/commit/8f8938fd1477c63b79d5c17f19c9b2288b7336f0

shell...@googlecode.com

unread,
Mar 31, 2012, 7:46:55 PM3/31/12
to shell...@googlegroups.com
Updates:
Status: Fixed

Comment #2 on issue 159 by beewoo...@gmail.com: Wrong size passed to

strncat() leads to missing null termination or buffer overflow
http://code.google.com/p/shellinabox/issues/detail?id=159

Applied for 2.11.

Reply all
Reply to author
Forward
0 new messages