[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [BUG]Buffer Overflow in string library

There is a potential, though unlikely buffer overflow vulnerability in the function strlcpy() in string.c

size_t strlcpy(char *dest, const char *src, size_t size)
    size_t ret = strlen(src);
    size_t destLen = strLen(dest);
    if (size) {
        size_t len = (ret >= size) ? size-1 : ret;
        memcpy(dest, src, len);
        dest[len] = '\0';
    return ret;

In the event that size is greater than the length of src and dest, dest will be overflowed.  This can be fixed with the following:

if (len >= strlen(dest))
     len = strlen(dest) -1;

I tried fixing it myself, but I was having problems pushing the change to the repo.

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.