URL: <http://savannah.gnu.org/bugs/?28446>
Summary: No checks are made for unterminated strings in RPC messages
Project: The GNU Hurd
Submitted by: hammy
Submitted on: Wed 30 Dec 2009 08:42:20 PM CET
Category: None
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Reproducibility: None
Size (loc): None
Planned Release: None
Effort: 0.00
Wiki-like text discussion box:

_______________________________________________________

Details:

Strings in RPCs, such as the filename argument to a dir_lookup, are not checked if they are terminated by '\0'. This could lead to the server segfaulting if it tries to read the string. Making MIG check that strings are terminated seems like the proper fix.

I have attached a program that sends an unterminated dir_lookup to its first argument, which can be used to test how translators react. For instance, ext2fs reacts by sending ENAMETOOLONG.

_______________________________________________________

File Attachments:

-------------------------------------------------------
Date: Wed 30 Dec 2009 08:42:20 PM CET
Name: unterm-path.c
Size: 6kB
By: hammy
<http://savannah.gnu.org/bugs/download.php?file_id=19398>

_______________________________________________________

Reply to this item at:

<http://savannah.gnu.org/bugs/?28446>

_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
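
The check the report asks for, sketched as an added example; this is not code from the report, its attachment, MIG or the Hurd. It assumes the string argument arrives in a fixed-size buffer inside the message; `RPC_STRING_CAP`, `rpc_string_len` and `checked_lookup` are hypothetical names, and the sample messages are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size of the in-message buffer carrying a string argument
   (hypothetical value chosen for this example). */
#define RPC_STRING_CAP 16

/* Length of the string if a '\0' lies within the first cap bytes,
   (size_t)-1 if the buffer is unterminated. Never reads past cap,
   unlike strlen() on an untrusted buffer. */
static size_t rpc_string_len(const char *buf, size_t cap)
{
    const char *nul = memchr(buf, '\0', cap);
    return nul ? (size_t)(nul - buf) : (size_t)-1;
}

/* Hypothetical server-side stub for a lookup-style RPC: the filename is
   validated before any str* function is allowed to touch it. */
static int checked_lookup(const char name[RPC_STRING_CAP], size_t *len_out)
{
    size_t len = rpc_string_len(name, RPC_STRING_CAP);
    if (len == (size_t)-1)
        return ENAMETOOLONG;  /* reject; the error the report saw from ext2fs */
    *len_out = len;           /* only written for a well-formed string */
    return 0;
}

/* Constructed message: terminated 10-byte path, zero padded. */
static int demo_terminated(size_t *len_out)
{
    char msg[RPC_STRING_CAP] = "etc/passwd";
    return checked_lookup(msg, len_out);
}

/* Constructed message: every byte non-zero, so no terminator in bounds. */
static int demo_unterminated(size_t *len_out)
{
    char msg[RPC_STRING_CAP];
    memset(msg, 'A', sizeof msg);
    return checked_lookup(msg, len_out);
}

int main(void)
{
    size_t len = 0;
    printf("terminated:   err=%d len=%zu\n", demo_terminated(&len), len);
    printf("unterminated: err=%d\n", demo_unterminated(&len));
    return 0;
}
```

Doing this once in the generated stub, rather than in each handler, is what makes the fix apply to every server that receives the string.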