'[Gpsd-dev] [PATCH] Fix insecure buffer handling in gpsd'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gpsd-dev
Subject:    [Gpsd-dev] [PATCH] Fix insecure buffer handling in gpsd
From:       esr () thyrsus ! com (Eric S !  Raymond)
Date:       2005-01-14 17:54:26
Message-ID: 20050114175426.GA12255 () thyrsus ! com
[Download RAW message or body]

Petter Reinholdtsen <pere@hungry.com>:
> 
> I found this bug by accident, while reading the code.
> 
> If the read() call on socket connected to a client is returning a
> negative number, memory outside 'buf' might be written to.
> 
> For example, if read() return -1, "buf[-1] = '\0'" would be invoked.
> This would result in undefined behaviour.
> 
> This patch fixes the problem, as well as moves the scope of buf and
> buflen into the block where it is used.

Applied.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic