Bug 181 - potential buffer overflow in ldns strncat
potential buffer overflow in ldns strncat
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
unspecified
Other Linux
: P2 normal
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-27 11:02 CEST by Klaus Singvogel
Modified: 2008-05-28 15:30 CEST (History)
1 user (show)

See Also:


Attachments
ldns buffer overflow patch (648 bytes, patch)
2008-05-27 11:02 CEST, Klaus Singvogel
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Klaus Singvogel 2008-05-27 11:02:52 CEST
Created attachment 65 [details]
ldns buffer overflow patch

This affects the source code of ldns, which is shipped in unbound. Therefore I assigned the product to "unbound" and not "ldns". I don't know, if it is open/valid for current version of "ldns".

The included ldns library is using strncat() in a way that a potential buffer overflow might be possible. The occupied size of the target buffer isn't excluded from maximum number of bytes to copy.

See attached patch proposal for detailed information.
Comment 1 Jelte Jansen 2008-05-28 15:13:00 CEST
fixed in ldns rev. 2652
Comment 2 Jelte Jansen 2008-05-28 15:30:16 CEST
*** Bug 180 has been marked as a duplicate of this bug. ***