This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows


------- Additional Comments From jgeisler at cse dot taylor dot edu  2010-03-18 12:14 -------
After a good night's sleep, I realized that the summary line was incorrectly
describing the problem.  cuserid() doesn't cause a buffer overflow, but since it
may not NUL-terminate a C-string, the code that uses the buffer may overrun the
array.  If the calling code isn't careful with size and expects the terminating
NUL (e.g., using strcpy() instead of strncpy()), then buffer overflows can occur.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|calls to cuserid() can      |calls to cuserid() can
                   |result in buffer overflows  |result in buffer overruns
                   |                            |and/or overflows


http://sourceware.org/bugzilla/show_bug.cgi?id=11397

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]