Package: apt Version: 1.0.9.2 Severity: normal
Dear Maintainer, In examining the sources in method/rsh.cc I ran across the function RSHConn::WriteMsg(....) The first thing it does is make a buffer of 512 bytes, put up to 508 bytes of data in it (the vsnprintf call), and then add at least 14 more bytes of data (the strcat calls). I originally saw this in: Version: 0.9.7.9+deb7u5 I have not created a test for this. I suspect all it takes is a long path in the configured URI. The simplest fix is probably to change the "- 4" on the vsnprintf() to "- 24" or thereabouts. A more complex fix (probably not needed) might send the two strings separately. It also might be wise to consider if the buffer should be enlarged. I have not fully examined other sources for similar code, but do see where this came from in method/ftp.cc. -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.12-0.bpo.1-amd64 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages apt depends on: ii debian-archive-keyring 2014.1 ii gnupg 1.4.18-4 ii libapt-pkg4.12 1.0.9.2 ii libc6 2.19-11 ii libgcc1 1:4.9.1-16 ii libstdc++6 4.9.1-16 apt recommends no packages. Versions of packages apt suggests: ii apt-doc 1.0.9.2 ii aptitude 0.6.11-1 ii dpkg-dev 1.17.16 ii python-apt 0.9.3.10 ii synaptic 0.81.2 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
