Bug#512365: gmetad: stack based buffer overflow in process_path

2009-01-24 Thread Carlo Marcelo Arenas Belon
> char *p, *q, *pathend;
> char *element;
> int len;
>
> pathend = path + strlen(path);
> p = path + 1;
> q = strchr(p, '/');
> if (!q)
>     q = pathend;
>
> len = q - p;
> element = malloc(len + 1);
> if (element == NULL)
>     return 1;
>
> strncpy(element, p, len);
> element[len] = '\0';
>
>

Bug#512365: gmetad: stack based buffer overflow in process_path

2009-01-23 Thread Nico Golde
Hi, @@ -381,6 +380,9 @@ if (!q) q=pathend; len = q-p; + element = malloc(len + 1); Are you sure that this can't overflow? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-ro
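
Review bot: at `len = q-p;` followed by the added `element = malloc(len + 1);`, nothing in the visible lines bounds `len` or checks the allocation result before the buffer is used. `len` is a signed pointer difference, so the size passed to `malloc` is only safe if `q` can never precede `p` and the path segment cannot approach the maximum `int` value; neither guarantee is shown in this hunk. Suggest rejecting `len <= 0` and any `len` above a sane maximum element length before the allocation, and returning an error when `malloc` returns NULL, so the later copy into `element` always has a correctly sized destination.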

Bug#512365: gmetad: stack based buffer overflow in process_path

2009-01-23 Thread Carlo Marcelo Arenas Belon
On Thu, Jan 22, 2009 at 10:01:13PM +, Stu Teasdale wrote:
>
> "I can see that the patch was adjusted several times and the current
> version still has the code that sends the entire tree, could that
> somehow be used for a DoS attack?"

sending the entire tree through the network is also tri

Bug#512365: gmetad: stack based buffer overflow in process_path

2009-01-22 Thread Stu Teasdale
Thanks for the report and patches. Just to clarify one point raised by the Debian security team:

"I can see that the patch was adjusted several times and the current version still has the code that sends the entire tree, could that somehow be used for a DoS attack?"

Thanks,
Stuart

--
From