[axel-devel] [axel-Bugs][311569] Possible buffer overflow in main.
axel-bugs at alioth.debian.org
axel-bugs at alioth.debian.org
Mon Apr 27 14:24:30 UTC 2009
Bugs item #311569, was changed at 2009-03-31 00:12 by Y Giridhar Appaji Nag
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413085&aid=311569&group_id=100070
>Status: Closed
Priority: 5
Submitted By: Nobody (None)
Assigned to: Giridhar Appaji Nag Yasa (appaji)
Summary: Possible buffer overflow in main.
Initial Comment:
Hello.
Sloppy strncpy/strncat usage present. A buffer overflow is triggered if the length of the constructed output file path grows over 1024 characters:
text.c: In function 'main':
text.c:167: warning: ignoring return value of 'scanf', declared with attribute
warn_unused_result
In function 'strncat',
inlined from 'main' at text.c:255:
/usr/include/bits/string3.h:153: warning: call to __builtin___strncat_chk might overflow destination buffer.
I try push axel in Fedora contribution, but this error marked us stop bug - https://bugzilla.redhat.com/show_bug.cgi?id=454980#c14
----------------------------------------------------------------------
>Comment By: Giridhar Appaji Nag Yasa (appaji)
Date: 2009-04-27 19:54
Message:
Released 2.4 with this change.
----------------------------------------------------------------------
Comment By: Philipp Hagemeister (phihag-guest)
Date: 2009-04-02 18:00
Message:
Assigning to Giridhar, to be closed upon 2.4 release.
----------------------------------------------------------------------
Comment By: Philipp Hagemeister (phihag-guest)
Date: 2009-04-02 04:19
Message:
Fixed in rev97. I'm closing this bug as soon as we release a new version (probably in the next hours or days)
----------------------------------------------------------------------
You can respond by visiting:
https://alioth.debian.org/tracker/?func=detail&atid=413085&aid=311569&group_id=100070
More information about the axel-devel
mailing list