[PATCH FOR REVIEW] Potential Buffer Overflow in java_props_md.c
Andrew Hughes ahughes at redhat.com
Wed Aug 1 11:40:43 UTC 2012
java_props_md.c allocates a 64-byte buffer for the return value of setlocale on the stack. However, there appears to be no set limit on the return value:
http://pubs.opengroup.org/onlinepubs/009604499/functions/setlocale.html
and no check in the code to ensure that its length is 63 characters or less (allowing for '\0'). While language and country are defined by ISO, I don't believe there's any limit on the optional encoding and variant entries.
This patch:
http://cr.openjdk.java.net/~andrew/buffer_overflow/webrev.01/jdk.patch
replaces the allocation with a dynamic buffer based on the length of lc.
Original bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497666
Ok for tl? If so, can I have a bug ID?
Thanks,
Andrew :)
Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com)
PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
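The approach described in the message above, as an added example (not the JDK patch and not code from the original post): the working copy of the locale string is sized from `strlen(lc)` instead of a fixed 64-byte stack array, then split in place. The names `split_locale` and `struct locale_parts` are hypothetical, and the `language[_country][.encoding][@variant]` layout is an assumption of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this example; the fields point into `buf`. */
struct locale_parts {
    char *buf;   /* heap copy of the whole string; the caller free()s it */
    const char *language, *country, *encoding, *variant;
};

/* Split "language[_country][.encoding][@variant]" in a buffer sized from
 * strlen(lc), so an arbitrarily long encoding or variant cannot overrun it.
 * Returns 0 on success, -1 on NULL input or allocation failure. */
int split_locale(const char *lc, struct locale_parts *out)
{
    if (lc == NULL || out == NULL) return -1;
    size_t len = strlen(lc);
    char *buf = malloc(len + 1);          /* +1 for the terminating '\0' */
    if (buf == NULL) return -1;
    memcpy(buf, lc, len + 1);

    out->buf = buf;
    out->language = buf;
    out->country = out->encoding = out->variant = "";

    char *p;
    /* Cut from the right so a '.' or '_' inside a later field is ignored. */
    if ((p = strchr(buf, '@')) != NULL) { *p = '\0'; out->variant = p + 1; }
    if ((p = strchr(buf, '.')) != NULL) { *p = '\0'; out->encoding = p + 1; }
    if ((p = strchr(buf, '_')) != NULL) { *p = '\0'; out->country = p + 1; }
    return 0;
}

int main(void)
{
    /* Constructed input: the variant alone is longer than 64 bytes. */
    char lc[160] = "en_US.UTF-8@";
    memset(lc + strlen(lc), 'x', 100);    /* rest of lc is already zeroed */
    struct locale_parts lp;
    if (split_locale(lc, &lp) != 0) return 1;
    printf("%s %s %s variant_len=%zu\n",
           lp.language, lp.country, lp.encoding, strlen(lp.variant));
    free(lp.buf);
    return 0;
}
```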