[Dbd-firebird-devel] DBD-Firebird: Buffer Overflow in dbdimp.c
Damyan Ivanov
dmn at debian.org
Sun Mar 22 16:52:13 UTC 2015
> From: Stefan Roas <stefan.roas at fau.de>
> Subject: [Dbd-firebird-devel] Buffer Overflow in dbdimp.c
> To: dbd-firebird-devel at lists.alioth.debian.org
> Date: Fri, 13 Mar 2015 17:36:31 +0100
>
> Hi there,
>
> I found a buffer overflow in dbdimp.c. Error messages in dbdimp.c use
> sprintf to a fixed-size buffer that (quite likely in two cases) might be
> too small to hold the final result.

Thanks for the report and the patch.

I have just released it on CPAN, extending the idea a bit and
replacing all usage of sprintf with snprintf.

I have also reported a bug in the Debian bugtracker and will work on
fixing the issue there.

Cheers,
dam
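
The sprintf-to-snprintf change discussed in this thread, as an added example that is not code from dbdimp.c or from either poster. The function names, the 64-byte buffer size and the message format are hypothetical; the bounded version also checks snprintf's return value so that truncation is detected rather than silent.

```c
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 64   /* constructed size, not taken from dbdimp.c */

/* Pattern from the report: sprintf has no idea how large buf is.
 * Memory-safe only while the formatted text fits in the buffer. */
void format_error_unbounded(char *buf, const char *what, const char *name)
{
    sprintf(buf, "Error: %s '%s'", what, name);
}

/* Bounded form. Returns 0 if the message fit, 1 if it was truncated,
 * -1 on a formatting error or a zero-sized buffer. */
int format_error_bounded(char *buf, size_t size,
                         const char *what, const char *name)
{
    int n;

    if (size == 0)
        return -1;
    n = snprintf(buf, size, "Error: %s '%s'", what, name);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= size) {
        /* snprintf already NUL-terminated at buf[size-1]; mark the cut. */
        if (size > 4)
            memcpy(buf + size - 4, "...", 4);
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[ERR_BUF_SIZE];
    char long_name[200];                 /* constructed oversized input */

    memset(long_name, 'A', sizeof long_name - 1);
    long_name[sizeof long_name - 1] = '\0';

    format_error_unbounded(buf, "unknown column", "id");  /* fits: OK */
    printf("%s\n", buf);
    /* Same call with long_name would write past buf; use the bounded form. */
    printf("truncated=%d\n", format_error_bounded(buf, sizeof buf,
                                                  "unknown column", long_name));
    printf("%s\n", buf);
    return 0;
}
```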