This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
- From: "jgeisler at cse dot taylor dot edu" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 18 Mar 2010 12:14:05 -0000
- Subject: [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
- References: <20100318032449.11397.jgeisler@cse.taylor.edu>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From jgeisler at cse dot taylor dot edu 2010-03-18 12:14 -------
After a good night's sleep, I realized that the summary line was incorrectly
describing the problem. cuserid() doesn't cause a buffer overflow, but since it
may not NUL-terminate a C-string, the code that uses the buffer may overrun the
array. If the calling code isn't careful with size and expects the terminating
NUL (e.g., using strcpy() instead of strncpy()), then buffer overflows can occur.
--
What |Removed |Added
----------------------------------------------------------------------------
Summary|calls to cuserid() can |calls to cuserid() can
|result in buffer overflows |result in buffer overruns
| |and/or overflows
http://sourceware.org/bugzilla/show_bug.cgi?id=11397
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.