Opened 13 years ago
Closed 11 years ago
#203 closed defect (fixed)
Unsafe strcat on overlapping strings in owl_zephyr_smartstripped_user
| Reported by: | andersk@mit.edu | Owned by: | andersk@mit.edu |
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | internals | Keywords: | straightforward |
| Cc: |
Description
From owl_zephyr_smartstripped_user:
realm = strchr(out, '@');
…
if (realm) realm[0]='\0';
…
strcat(out, realm+1);
This strcat call might read from the same place it’s writing to, which is invalid and could break if strcat is optimized in certain ways.
Change History (3)
comment:1 Changed 11 years ago by jgross@mit.edu
- Keywords straightforward added
comment:2 Changed 11 years ago by andersk@mit.edu
- Owner set to andersk@mit.edu
- Status changed from new to assigned
comment:3 Changed 11 years ago by andersk@mit.edu
- Resolution set to fixed
- Status changed from assigned to closed
Fixed in ebcdf4d1d62cb8a947fa244068de37c0f8ad7dde.
Note: See
TracTickets for help on using
tickets.
I think this should be easily fixable by appropriate use of g_strdup and/or g_strdup_printf.