Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 147546 Details for
Bug 214576
dev-php5/pecl-apc <=3.0.16 Usage of strcpy in apc.c can cause stack corruption with long filenames (CVE-2008-1488)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
pecl-apc-3.0.16-CVE-2008-1488.patch
pecl-apc-3.0.16-CVE-2008-1488.patch (text/plain), 732 bytes, created by
Jan Rieger
on 2008-03-28 14:20:14 UTC
(
hide
)
Description:
pecl-apc-3.0.16-CVE-2008-1488.patch
Filename:
MIME Type:
Creator:
Jan Rieger
Created:
2008-03-28 14:20:14 UTC
Size:
732 bytes
patch
obsolete
>--- apc.c.old 2008-03-26 19:22:02.000000000 +0100 >+++ apc.c 2008-03-26 19:22:23.000000000 +0100 >@@ -331,7 +331,7 @@ > /* not: [no active file] or no path */ > memcpy(fileinfo->fullpath, exec_fname, exec_fname_length); > fileinfo->fullpath[exec_fname_length] = DEFAULT_SLASH; >- strcpy(fileinfo->fullpath +exec_fname_length +1, filename); >+ strlcpy(fileinfo->fullpath +exec_fname_length +1, filename,sizeof(fileinfo->fullpath)-exec_fname_length-1); > /* apc_wprint("filename: %s, exec_fname: %s, fileinfo->fullpath: %s", filename, exec_fname, fileinfo->fullpath); */ > if (apc_stat(fileinfo->fullpath, &fileinfo->st_buf) == 0) { > found = 1;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=147546">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 214576
: 147546
