fix logrotate buffer overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch fixes a buffer overflow in logrotate. The diff was done
against trunk on http://svn.fedorahosted.org/svn/logrotate/

Sorry if this is the wrong place to post this. I didn't see a mailing
list mentioned on the project page at
https://fedorahosted.org/logrotate/

Index: config.c
===================================================================
--- config.c    (revision 319)
+++ config.c    (working copy)
@@ -759,7 +759,7 @@
                                        if (key == NULL)
                                                continue;

-                                       rc = sscanf(key, "%s %s%c", createOwner,
+                                       rc = sscanf(key, "%200s
%200s%c", createOwner,

createGroup, &foo);
                                        if (rc == 3) {
                                                message(MESS_ERROR,
"%s:%d extra arguments for "
@@ -810,7 +810,7 @@
                                        if (key == NULL)
                                                continue;

-                                       rc = sscanf(key, "%o %s %s%c",
&createMode,
+                                       rc = sscanf(key, "%o %200s
%200s%c", &createMode,
                                                        createOwner,
createGroup, &foo);
                                        if (rc == 4) {
                                                message(MESS_ERROR,
"%s:%d extra arguments for "
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux