Bugzilla – Bug 181
potential buffer overflow in ldns strncat
Last modified: 2008-05-28 15:30:16 CEST
Created attachment 65 [details]
ldns buffer overflow patch
This affects the source code of ldns, which is shipped in unbound. Therefore I assigned the product to "unbound" and not "ldns". I don't know, if it is open/valid for current version of "ldns".
The included ldns library is using strncat() in a way that a potential buffer overflow might be possible. The occupied size of the target buffer isn't excluded from maximum number of bytes to copy.
See attached patch proposal for detailed information.
fixed in ldns rev. 2652
*** Bug 180 has been marked as a duplicate of this bug. ***