[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c
Andrew Hughes
ahughes at redhat.com
Wed Aug 1 11:40:43 UTC 2012
java_props_md.c allocates a 64 byte buffer for the return value of setlocale
on the stack. However, there appears to be no set limit on the return value:
http://pubs.opengroup.org/onlinepubs/009604499/functions/setlocale.html
and no check in the code to ensure that its length is 63 characters or less
(allowing for '\0'). While language and country are defined by ISO, I don't
believe there's any limit on the optional encoding and variant entries.
This patch:
http://cr.openjdk.java.net/~andrew/buffer_overflow/webrev.01/jdk.patch
replaces the allocation with a dynamic buffer based on the length of lc.
Original bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497666
Ok for tl? If so, can I have a bug ID?
Thanks,
--
Andrew :)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
More information about the core-libs-dev
mailing list