[axel-devel] [axel-Bugs][311569] Possible buffer overflow in main.

axel-bugs at alioth.debian.org axel-bugs at alioth.debian.org
Wed Apr 1 22:49:54 UTC 2009


Bugs item #311569, was opened at 2009-03-30 18:42
Status: Open
Priority: 4
Submitted By: Nobody (None)
Assigned to: Philipp Hagemeister (phihag-guest)
Summary: Possible buffer overflow in main. 


Initial Comment:
Hello.

Sloppy strncpy/strncat usage present. A buffer overflow is triggered if the length of the constructed output file path grows over 1024 characters:

text.c: In function 'main':
text.c:167: warning: ignoring return value of 'scanf', declared with attribute
warn_unused_result
In function 'strncat',
    inlined from 'main' at text.c:255:
/usr/include/bits/string3.h:153: warning: call to __builtin___strncat_chk might overflow destination buffer.

I try push axel in Fedora contribution, but this error marked us stop bug - https://bugzilla.redhat.com/show_bug.cgi?id=454980#c14

----------------------------------------------------------------------

>Comment By: Philipp Hagemeister (phihag-guest)
Date: 2009-04-01 22:49

Message:
Fixed in rev97. I'm closing this bug as soon as we release a new version (probably in the next hours or days)

----------------------------------------------------------------------

You can respond by visiting: 
http://alioth.debian.org/tracker/?func=detail&atid=413085&aid=311569&group_id=100070



More information about the axel-devel mailing list