| Summary: | net-p2p/ctorrent: maybe stack overflow _btf_recurses_directory() function | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | solar (RETIRED) <solar> |
| Component: | Auditing | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | net-p2p |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
solar (RETIRED)
2005-07-13 18:17:09 UTC
the patch in question is on Bug 98929 http://bugs.gentoo.org/attachment.cgi?id=63343&action=view

Not sure it's a good idea to patch only the one we saw. This needs a full audit or a removal. And we should perhaps package.mask it until this is done? net-p2p: what's your position on this package?

yeah, but your example is only wrong as you've defined MAXPATHLEN as 1024, when the MAXPATHLEN on your system is longer. a cursory glance suggests ctorrent is using the limits.h definition, so creating a longer path is not possible... Looks safe to me, but Rob is the C++ auditor... any opinion Rob? :)

Ahh you're right tavis. that 1024 came from within an #ifdef WINDOWS

Changing Component to Auditing and downgrading Severity

Seems ok to me. I'd like to have a little more time to check the other code though, so please leave the bug open for a little bit.

don't really have time for this right now, the issue the bug was filed for seems not to be a concern, so I'll just close.
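
The thread turns on which value MAXPATHLEN has where the path buffer is declared. As an added example (not ctorrent's code and not the patch attached to Bug 98929), here is a path-append helper for a recursive directory walk that checks the remaining capacity itself, so the result is the same whether the buffer was sized at 1024 or from limits.h. The names `path_push`, `path_pop` and `levels_that_fit` are hypothetical, and the 200-character component names are constructed input.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096   /* assumption: fallback when limits.h does not define it */
#endif

/* Hypothetical helper: append "/name" to the path held in buf (capacity cap,
 * current length *len). Returns 0 on success, -1 if the result would not fit;
 * on failure buf and *len are left unchanged. */
int path_push(char *buf, size_t cap, size_t *len, const char *name)
{
    size_t nlen = strlen(name);
    size_t need_sep = (*len > 0 && buf[*len - 1] != '/') ? 1 : 0;

    /* Room is needed for the separator, the name and the terminating NUL. */
    if (*len >= cap || nlen + need_sep >= cap - *len)
        return -1;
    if (need_sep)
        buf[(*len)++] = '/';
    memcpy(buf + *len, name, nlen + 1);
    *len += nlen;
    return 0;
}

/* Restore the path to its previous length when a recursion level returns. */
void path_pop(char *buf, size_t *len, size_t saved)
{
    buf[saved] = '\0';
    *len = saved;
}

/* Constructed input: descend `depth` levels of 200-character names and
 * report how many levels fit in a buffer of capacity cap. */
int levels_that_fit(size_t cap, int depth)
{
    char buf[PATH_MAX] = "";
    char name[201];
    size_t len = 0;
    int i;

    if (cap > sizeof buf)
        cap = sizeof buf;           /* never trust a cap beyond the real buffer */
    memset(name, 'a', 200);
    name[200] = '\0';
    for (i = 0; i < depth; i++)
        if (path_push(buf, cap, &len, name) != 0)
            break;                  /* too deep: stop instead of writing past buf */
    return i;
}
```

A walker built on this treats a -1 return as "skip this entry and report it" rather than relying on the filesystem never producing a longer name.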