[Pkg-xfce-devel] xfce4-mpc-plugin buffer overflows
huggie at earth.li
Mon Dec 8 23:33:37 UTC 2008
We had a user in Debian who was having problems with the
xfce4-mpc-plugin and a long password. It turned out that passwords
longer than about 30 characters were causing buffer overflows.
I looked into it and found a few problems. There are lots of sprintfs
into buffers with strings which contain untrusted input.
I've fixed some in the attached patch against 0.3.3 although I want it
to be reviewed at some point.
I also couldn't see a nice way to return an error message back to the
user and I'm not really a GTK coder in anyway :)
You may well choose to fix these issues in a different way in which case
we'd love to see the patch to get it into Debian.
Anyway, if you have some time to review the patch it'd be great.
----------( "Everyone who is alive, please raise your hand. )----------
Simon ----( See, told ya," - Rimmer. )---- Nomis
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 7494 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-xfce-devel/attachments/20081208/76dbb358/attachment-0001.diff
More information about the Pkg-xfce-devel