Actions
Bug #8447
closedlibrados: buffer overflow in rados_pool_list
% Done:
0%
Source:
Development
Tags:
Backport:
firefly
Regression:
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
When input `len` is small and non-zero `strncat` will correctly avoid overflowing the input buffer, but then `len -= rl;` will cause `len` to wrap around to a large positive value and then additional calls to `strncat` will overflow the input buffer.
Actions