Package: privbind
Version: 1.1-1
Severity: normal

It looks to me like privbind is not allocating enough space for the buffer that is being used for:

    sprintf( newpreload, "%s:%s", options.libname, ldpreload );

This needs strlen of both arguments plus 1 byte for the : plus another byte for the \0 ending, but only +1 is calculated, not 2. Whether this has security implications or not, I don't know.

--- privbind-1.1/main.c.1 2007-06-16 12:57:33.000000000 -0400 +++ privbind-1.1/main.c 2010-04-01 23:54:32.757701216 -0400 @@ -207,7 +207,7 @@ if( ldpreload==NULL ) { setenv("LD_PRELOAD", options.libname, FALSE ); } else { - char *newpreload=malloc(strlen(ldpreload)+strlen(options.libname)+1); + char *newpreload=malloc(strlen(ldpreload)+1+strlen(options.libname)+1); if( newpreload==NULL ) { fprintf(stderr, "privbind: Error creating preload environment - out of memory\n"); return 2;

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (900, 'stable'), (800, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31.12-vs2.3.0.36.28 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages privbind depends on:
ii  libc6  2.7-18lenny2  GNU C Library: Shared libraries

privbind recommends no packages.

privbind suggests no packages.

-- no debconf information
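
Review bot: On the changed malloc() line, the allocation size is still computed by hand, separately from the "%s:%s" format that the sprintf() quoted in the report writes into it, so the two can drift apart again the next time the format changes. Consider computing the length once into a size_t (strlen(options.libname) + 1 + strlen(ldpreload) + 1) and passing that same value to both malloc() and snprintf(newpreload, len, "%s:%s", ...), or at minimum add a comment saying which +1 is the ':' separator and which is the terminating NUL. With the old single +1, the terminating NUL lands one byte past the end of the heap allocation, so the corrected arithmetic in the + line is right.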