URL: <https://savannah.gnu.org/bugs/?67155>
Summary: buffer overflow due to `strncpy()` Group: GNU Screen Submitter: ensc Submitted: Sa 24 Mai 2025 14:43:42 CEST Category: Crash/Freeze/Infloop Severity: 3 - Normal Priority: 5 - Normal Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any Release: 5.0.1 Fixed Release: None Planned Release: None Work Required: None _______________________________________________________ Follow-up Comments: ------------------------------------------------------- Date: Sa 24 Mai 2025 14:43:42 CEST By: Enrico Scholz <ensc> attacher.c contains | void SendCmdMessage(char *sty, char *match, char **av, int query) | | char *sp = SocketPath + strlen(SocketPath); | | strncpy(sp, query, strlen(SocketPath)); This means, when `SocketPath` is filled with more than its half capacity, the `strncpy()` will fill space after its bounds with zeros. _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?67155> _______________________________________________ Nachricht gesendet über Savannah https://savannah.gnu.org/
signature.asc
Description: PGP signature