[rrd-developers] buffer overflow in global_ctx
Tobias Oetiker
tobi at oetiker.ch
Thu Jul 10 15:20:03 CEST 2008
Hi Matthew,
hmm .. at least in svn the code is in sync ... it was fixed in
r1391 | oetiker | 2008-06-01 22:31:12 +0200 (Sun, 01 Jun 2008) | 2 lines
fliped order of rrd_context entries to match up with what is
defined in rrd.h (based on debian bug 450578)
Apr 10 Matthew Boyle wrote:
> lines 27 and 28 of rrd_not_thread_safe.c are the wrong way round. as a
> result, global_ctx->rrd_error points to a 256 byte buffer, while
> global_ctx->len claims it's 4096 bytes.
>
> this means a long enough error message can lead to a buffer overflow in
> rrd_set_error().
>
> the attached patch (against the SVN snapshot) fixes this.
>
> --matt
>
>
>
--
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900
More information about the rrd-developers
mailing list