Bug #8447

closed

librados: buffer overflow in rados_pool_list

Added by Noah Watkins almost 10 years ago. Updated almost 10 years ago.

Status: Resolved
Priority: High
Category: -
Target version: -
% Done: 0%
Source: Development
Backport: firefly
Severity: 3 - minor

Description

When input `len` is small and non-zero, `strncat` will correctly avoid overflowing the input buffer, but then `len -= rl;` will cause `len` to wrap around to a large positive value, and additional calls to `strncat` will then overflow the input buffer.
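The wrap-around described above, as an added example constructed for illustration (it is not the librados source and not part of the original report). Only `len`, `rl` and `strncat` come from the description; `pack_unchecked`, `pack_checked`, `bytes_past_claim`, the sample names and the return convention are assumptions. The packers are given a larger zeroed arena than the length they are told about, so writes past the claimed length can be counted without a real out-of-bounds access.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample names, not taken from the bug report. */
static const char *NAMES[] = { "data", "metadata" };

/* Bookkeeping as the report describes it; `len` is unsigned (assumed size_t). */
static void pack_unchecked(const char **names, size_t n, char *buf, size_t len)
{
    char *b = buf;
    for (size_t i = 0; i < n && len != 0; i++) {
        size_t rl = strlen(names[i]) + 1;
        strncat(b, names[i], len - 1); /* bounded while len is still honest */
        len -= rl;                     /* rl > len wraps to a huge value */
        b += rl;                       /* may now point past buf + len */
    }
}

/* Hardened form: subtract only after proving rl < len. */
static size_t pack_checked(const char **names, size_t n, char *buf, size_t len)
{
    char *b = buf;
    size_t needed = 1;                 /* final terminating NUL */
    if (len) memset(buf, 0, len);
    for (size_t i = 0; i < n; i++) {
        size_t rl = strlen(names[i]) + 1;
        needed += rl;                  /* keep counting so a caller can retry */
        if (rl < len) {                /* name + NUL fit, one byte left for the end */
            memcpy(b, names[i], rl);
            b += rl;
            len -= rl;                 /* cannot wrap */
        } else {
            len = 0;                   /* out of room: stop writing for good */
        }
    }
    return needed;
}

/* Hand a packer a zeroed 64-byte arena but claim only `claimed` bytes;
 * count modified bytes beyond the claim (no real out-of-bounds access). */
static size_t bytes_past_claim(int checked, size_t claimed)
{
    char arena[64] = {0};
    size_t dirty = 0;
    if (checked) pack_checked(NAMES, 2, arena, claimed);
    else         pack_unchecked(NAMES, 2, arena, claimed);
    for (size_t i = claimed; i < sizeof arena; i++) dirty += (arena[i] != 0);
    return dirty;
}
```

With a claimed length of 4, the unchecked loop truncates the first name correctly, then writes the whole second name beyond the claimed region; the checked loop writes nothing there and still reports the size a caller would need.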
