celix-commits mailing list archives

From "Daniel Parker (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CELIX-171) malloc() buffer overflows
Date Fri, 17 Oct 2014 14:27:33 GMT
Daniel Parker created CELIX-171:

             Summary: malloc() buffer overflows
                 Key: CELIX-171
                 URL: https://issues.apache.org/jira/browse/CELIX-171
             Project: Celix
          Issue Type: Bug
          Components: Framework, Remote Service Admin
            Reporter: Daniel Parker

framework/private/src/filter.c::filter_parseValue() initializes a local string by calling
strdup("") rather than actually allocating enough memory to store the resulting string.

framework/private/src/filter.c::filter_parseSubstring() uses strlen() to determine how much
memory to allocate, but the actual worst case size is the length of the string plus one for
the trailing '\0'.

remote_services/discovery/private/src/discovery_activator.c::bundleActivator_start() sets
'scope[len] = 0', which is one character past the end of the allocated memory.

This message was sent by Atlassian JIRA
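
The three reports above come down to two allocation patterns: building a string in a buffer that was sized for an empty string, and allocating `strlen()` bytes with no room for the terminator. The C code below is an added illustration of the corrected patterns, not Celix source; `strbuf`, `parse_value` and `copy_terminated` are hypothetical names and the inputs are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pattern 1: a buffer created with strdup("") holds exactly 1 byte, so
 * appending anything to it overflows. Track the capacity and grow instead. */
typedef struct { char *data; size_t len, cap; } strbuf; /* hypothetical helper */

static int strbuf_putc(strbuf *b, char c) {
    if (b->len + 2 > b->cap) {                 /* room for c plus '\0' */
        size_t ncap = b->cap ? b->cap * 2 : 16;
        char *n = realloc(b->data, ncap);
        if (n == NULL) return -1;
        b->data = n;
        b->cap = ncap;
    }
    b->data[b->len++] = c;
    b->data[b->len] = '\0';
    return 0;
}

/* Copy src while resolving backslash escapes, as a filter value parser might. */
char *parse_value(const char *src) {
    strbuf b = {0};
    for (; *src != '\0'; src++) {
        if (*src == '\\' && src[1] != '\0') src++;    /* keep the escaped char */
        if (strbuf_putc(&b, *src) != 0) { free(b.data); return NULL; }
    }
    return b.data ? b.data : calloc(1, 1);            /* empty input -> "" */
}

/* Patterns 2 and 3: malloc(len) leaves no room for the terminator, so
 * buf[len] = 0 writes one byte past the allocation. Allocate len + 1.
 * The caller guarantees len <= strlen(s). */
char *copy_terminated(const char *s, size_t len) {
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    memcpy(buf, s, len);
    buf[len] = '\0';                           /* last valid index is len */
    return buf;
}

int main(void) {
    char *v = parse_value("a\\*b");            /* constructed input */
    char *s = copy_terminated("scope=remote", 5);
    if (v && s) printf("%s %s\n", v, s);
    free(v); free(s);
    return 0;
}
```

Building the original patterns with `-fsanitize=address` reports each of them as a heap-buffer-overflow at the first out-of-bounds write.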
