Buffer overflow in media change dialog
Created attachment 245204
fix buffer overflow
xfsdump creates a buffer overflow when -F is not used and the Media Erase dialog is shown.
I don't know whether substituting a hardcoded number with a slightly larger hardcoded number is a good solution. Nevertheless +1 for reporting it upstream. Next time please add a link to the upstream bug to URL. Thanks!
doesn't seem to be a serious issue as the binaries aren't set*id or anything. so let's see what upstream has to say first.
since glibc fortification checks make xfsdump write a core, I think it is a serious issue.
Oops ... it's not the change dialog, it is the media erase dialog. BIG SORRY!
"pre-erase (-%c) option specified "
"and non-blank media encountered:\n"
"please confirm media erase "
(unsigned int)drivep->d_index );
builds a message with min 105 chars and max 117 chars. So "char question[ 120 ];" would be enough, but I think 80 unused bytes in a "char question[ 200 ]" aren't the world, and the code uses a char question[ 100 ]; also for questions with 37 used bytes.
security issue -> it's serious
just a single user crash with specific option -> not serious
It's a fortification issue that we should have Portage die on, so it's "serious enough"…
fix added to 3.0.5
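Added example, not part of the original thread or of xfsdump's source: the sizing question discussed above, handled by measuring the dialog text with snprintf and formatting it with a bound instead of choosing a larger constant. The option letter 'E', the trailing "drive %u\n" piece of the format string and both function names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Dialog text as quoted in the report. The final "drive %u\n" piece is an
 * assumption: the report does not show the end of the format string. */
#define ERASE_FMT \
    "pre-erase (-%c) option specified " \
    "and non-blank media encountered:\n" \
    "please confirm media erase " \
    "drive %u\n"

/* Number of characters the message needs, not counting the final NUL. */
int erase_question_len(char opt, unsigned int drive)
{
    return snprintf(NULL, 0, ERASE_FMT, opt, drive);
}

/* Bounded formatting. Returns the message length on success, or -1 when
 * the text (plus NUL) does not fit in cap bytes. Never writes past cap. */
int format_erase_question(char *buf, size_t cap, char opt, unsigned int drive)
{
    int n = snprintf(buf, cap, ERASE_FMT, opt, drive);

    if (n < 0 || (size_t)n >= cap)
        return -1;
    return n;
}

int main(void)
{
    char old_size[100];   /* size the thread says the code used */
    char new_size[200];   /* size proposed in the thread */
    unsigned int drives[] = { 0u, UINT_MAX };   /* constructed sample inputs */

    for (size_t i = 0; i < sizeof drives / sizeof drives[0]; i++) {
        int need = erase_question_len('E', drives[i]);
        int fits_old = format_erase_question(old_size, sizeof old_size,
                                             'E', drives[i]) >= 0;
        int fits_new = format_erase_question(new_size, sizeof new_size,
                                             'E', drives[i]) >= 0;

        printf("drive %u: %d bytes incl. NUL, char[100] %s, char[200] %s\n",
               drives[i], need + 1,
               fits_old ? "fits" : "too small",
               fits_new ? "fits" : "too small");
    }
    return 0;
}
```

With the bound checked at the call site, an undersized buffer becomes a reported error rather than a write past the end of the array that glibc fortification has to abort.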