mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-16 12:02:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bug#23498283 - BUFFER OVERFLOW

Browse source 
DESCRIPTION
===========
Buffer overflow is reported in Regex library. This can be
triggered when the data corresponding to argv[1] is >=
512 bytes resutling in abnormal behaviour.

ANALYSIS
========
Its a straight forward case of SEGFAULT where the target
buffer is smaller than the source string to be copied.
A simple pre-copy validation should do.

FIX
===
A check is added before doing strcpy() to ensure that the
target buffer is big enough to hold the to-be copied data.
If the check fails, the program aborts.
This commit is contained in:
Shishir Jaiswal 2016-06-17 10:11:33 +05:30
parent df0d8efaf2
commit 957aefdc8f
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
regex/split.c
View file

@ -159,6 +159,10 @@ char *argv[];
if (argc > 4)
for (n = atoi(argv[3]); n > 0; n--) {
if(sizeof(buf)-1 < strlen(argv[1]))
{
exit(EXIT_FAILURE);
}
(void) strcpy(buf, argv[1]);
}
else if (argc > 3)