[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [BUG]Buffer Overflow in string library

To: xen-devel@xxxxxxxxxxxxx
From: Steve Calandra <steven.calandra@xxxxxxxxx>
Date: Fri, 13 Sep 2013 17:33:07 -0400
Delivery-date: Sat, 14 Sep 2013 13:38:36 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

There is a potential, though unlikely buffer overflow vulnerability in the function strlcpy() in string.c

size_t strlcpy(char *dest, const char *src, size_t size)
{
    size_t ret = strlen(src);
    size_t destLen = strLen(dest);
    if (size) {
        size_t len = (ret >= size) ? size-1 : ret;
        memcpy(dest, src, len);
        dest[len] = '\0';
    }
    return ret;
}

In the event that size is greater than the length of src and dest, dest will be overflowed. This can be fixed with the following:

if (len >= strlen(dest))

len = strlen(dest) -1;

I tried fixing it myself, but I was having problems pushing the change to the repo.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [BUG]Buffer Overflow in string library
  - From: Matthew Daley

Prev by Date: Re: [Xen-devel] [xen-unstable test] 19268: regressions - FAIL
Next by Date: Re: [Xen-devel] Booting NetBSD in pygrub
Previous by thread: [Xen-devel] [xen-unstable bisection] complete build-i386
Next by thread: Re: [Xen-devel] [BUG]Buffer Overflow in string library
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.