[patch] fix buffer overflow in debugger's socket handler

Kees Cook kees at ubuntu.com
Thu Aug 27 09:36:35 PDT 2009


Hi,

On Thu, Aug 27, 2009 at 05:00:54PM +0100, Andrew John Hughes wrote:
> 2009/8/27 Matthias Klose <doko at ubuntu.com>:
> > Description: buffer not large enough for maximum size of debugger warning.
> >  (Largest error could be 73 bytes long: "handshake failed - received >Here's
> >  a poke < - excepted >JDWP-Handshake<")
> > Ubuntu: https://launchpad.net/bugs/419018
> > Upstream: https://bugs.openjdk.java.net/show_bug.cgi?id=100103
> >
> > This should go both to the IC6 trunk and the 1.6 branch.
> >
> >  Matthias
> >
> 
> Patches should be approved before being committed to the release
> branch, and ideally for HEAD as well.  I don't see any comments on
> this post, yet the patch was just pushed to both.

I haven't seen the commit, but it should also probably match the very
recent upstream commit, which is slightly different from my more minimal
approach:

http://cr.openjdk.java.net/~alanb/6432567/webrev.00/jdk.patch

-Kees

-- 
Kees Cook
Ubuntu Security Team
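
The sizing arithmetic from the patch description, as an added example that is not part of this thread, the posted patch or the upstream commit: it measures the warning with `snprintf` and formats it with a bounds check. The function names, the NUL-terminated input and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Handshake string and message format as quoted in the patch description
 * (the "excepted" spelling is the message's own). */
#define JDWP_HELLO    "JDWP-Handshake"
#define HANDSHAKE_FMT "handshake failed - received >%s< - excepted >%s<"

/* Bytes needed for the formatted warning, including the trailing NUL.
 * Assumes `received` is NUL-terminated (hypothetical helper). */
static size_t handshake_msg_size(const char *received)
{
    int n = snprintf(NULL, 0, HANDSHAKE_FMT, received, JDWP_HELLO);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Format the warning into buf without ever writing past cap bytes.
 * Returns 0 if the whole message fit, -1 if it was truncated or failed. */
static int format_handshake_error(char *buf, size_t cap, const char *received)
{
    int n;

    if (cap == 0)
        return -1;
    n = snprintf(buf, cap, HANDSHAKE_FMT, received, JDWP_HELLO);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    return (size_t)n < cap ? 0 : -1;
}

int main(void)
{
    const char *peer = "Here's a poke "; /* constructed 14-byte peer reply */
    char small[64];                      /* assumed undersized buffer */
    char exact[73];                      /* size given in the description */

    printf("needed: %zu bytes\n", handshake_msg_size(peer));
    printf("64-byte buffer: %s\n",
           format_handshake_error(small, sizeof small, peer) ? "truncated" : "fits");
    printf("73-byte buffer: %s\n",
           format_handshake_error(exact, sizeof exact, peer) ? "truncated" : "fits");
    return 0;
}
```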


