NetBSD-Bugs archive


kern/45633: Improper string handling in cnmagic.c



>Number:         45633
>Category:       kern
>Synopsis:       Improper string handling in cnmagic.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Nov 19 12:35:00 +0000 2011
>Originator:     Christian Biere
>Release:        
>Organization:
>Environment:
>Description:
File: sys/kern/cnmagic.c
Function: cn_set_magic()

1. The code accesses the byte after the NUL byte of "magic".
2. The code assigns cn_magic[i] once from uninitialized memory m[i].

Function: cn_get_magic()

3. The length restriction by the parameter maglen is completely ignored.
4. If cn_magic_set() was called with an empty string "" as parameter, it is 
expanded to "\x27\x02".


>How-To-Repeat:

>Fix:


