On Wed, Oct 08, 2014 at 02:49:40AM -0400, David Garfield wrote:
> Package: apt
> Version: 1.0.9.2
> Severity: normal

Thanks for your bug report.

> In examining the sources in method/rsh.cc I ran across the function
> RSHConn::WriteMsg(....)
>
> The first thing it does is make a buffer of 512 bytes, put up to 508
> bytes of data in it (the vsnprintf call), and then add at least 14
> more bytes of data (the strcat calls).

Good catch, thank you!

[..]
> The simplest fix is probably to change the "- 4" on the vsnprintf()
> to "- 24" or thereabouts. A more complex fix (probably not needed)
> might send the two strings separately. It also might be wise to
> consider if the buffer should be enlarged.
>
> I have not fully examined other sources for similar code, but do see
> where this came from in method/ftp.cc.
[..]

I fixed this in git and replaced the strcat with a C++ std::string so
that we do not run into the fixed buffer issue. I also enlarged the
buffer while doing so.

Cheers,
 Michael
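
The size arithmetic from the report next to a std::string-based message builder, as an added example that is not part of the original thread and not apt's code. The suffix text, the function names and the measure-then-format approach are assumptions for illustration; only the 512-byte buffer, the "- 4" limit and the 14 appended bytes come from the report.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Constructed 14-byte stand-in for the text the strcat calls append.
static const char kSuffix[] = " 2> /dev/null\n";
constexpr std::size_t kBufSize = 512;            // fixed buffer size from the report
constexpr std::size_t kFmtLimit = kBufSize - 4;  // size passed to vsnprintf

// Bytes the reported pattern needs (formatted text, suffix, NUL), computed
// arithmetically so this example never writes out of bounds.
std::size_t bytes_needed_fixed(std::size_t formatted_len) {
    // vsnprintf(buf, kFmtLimit, ...) keeps at most kFmtLimit - 1 characters.
    std::size_t kept = formatted_len < kFmtLimit - 1 ? formatted_len : kFmtLimit - 1;
    return kept + (sizeof(kSuffix) - 1) + 1;
}

// Hardened form: measure first, then build the message in a std::string so
// appending the suffix can never exceed a fixed capacity.
std::string format_msg(const char *fmt, ...) {
    va_list args, probe;
    va_start(args, fmt);
    va_copy(probe, args);
    int n = std::vsnprintf(nullptr, 0, fmt, probe);  // length only, no write
    va_end(probe);
    if (n < 0) {  // encoding error: return an empty message
        va_end(args);
        return std::string();
    }
    std::vector<char> buf(static_cast<std::size_t>(n) + 1);
    std::vsnprintf(buf.data(), buf.size(), fmt, args);
    va_end(args);
    std::string msg(buf.data(), static_cast<std::size_t>(n));
    msg += kSuffix;
    return msg;
}

int main() {
    std::string longarg(600, 'A');  // constructed oversized argument
    std::printf("fixed pattern needs %zu of %zu bytes\n",
                bytes_needed_fixed(longarg.size()), kBufSize);
    std::printf("std::string message is %zu bytes\n",
                format_msg("%s", longarg.c_str()).size());
    return 0;
}
```

With these numbers the fixed-buffer pattern is safe only while the formatted text is at most 497 characters; anything longer pushes the appended suffix past the end of the 512-byte buffer.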