Re: [PATCH] Fix buffer overflow from expanding long keyword values

From: John Peacock <jpeacock_at_rowman.com>
Date: 2005-11-02 16:43:30 CET

Ken Case wrote:
> We just fixed a buffer overflow which we encountered when expanding
> long keyword values: the code in translate_keyword_subst tries to
> truncate the keyword values to fit within the fixed-size buffer which
> was passed to it, but it doesn't take into account the amount of space
> used by the keyword itself.

That's really bad! This probably should be in 1.3, even though I
believe that code was unchanged from before the recent-ish
keywords-as-hash changes.

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Wed Nov 2 16:45:05 2005

This message: [ Message body ]
Next message: Julian Foad: "Re: Sharing libsvn_fs_* internals [was: "Locked" messages useless]"
Previous message: Glenn A. Thompson: "Re: Sharing libsvn_fs_* internals [was: "Locked" messages useless]"
In reply to: Ken Case: "[PATCH] Fix buffer overflow from expanding long keyword values"
Next in thread: Philip Martin: "Re: [PATCH] Fix buffer overflow from expanding long keyword values"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]