URL:
<http://savannah.cern.ch/bugs/?93772>
Summary: Possibility of buffer overrun in XrdSecsss
Project: XROOTD
Submitted by: dhsmith
Submitted on: 2012-04-17 09:21
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Fixed by commit(s):
_______________________________________________________
Details:
In XrdSecProtocolsss::Authenticate (XrdSecProtocolsss.cc), the buffer used to
store the SecEntity strings is allocated based on the length of the relevant
names as sent by the client. If the strings decKey.Data.User or
decKey.Data.Grup are substituted for the user/group name sent by the client
(i.e. depending on the server's key user/group names) there is the
possibility of overrunning the buffer.
_______________________________________________________
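The sizing mismatch described in the report, as an added example that is not XRootD source code: the `names` struct, the function names and the rule that a non-empty key name replaces the client's name are all assumptions made for illustration. It compares a buffer sized from the client's strings with one sized from the strings actually copied, and uses a bounded copy that refuses rather than overruns.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the user/group pair; not an XRootD type. */
struct names { const char *user; const char *group; };

/* Assumed policy: a non-empty name in the server key replaces the
   name the client sent. */
static const char *effective(const char *client, const char *key) {
    return (key && *key) ? key : client;
}

/* Flawed sizing: counts only the strings the client sent. */
size_t size_from_client(const struct names *cli) {
    return strlen(cli->user) + 1 + strlen(cli->group) + 1;
}

/* Corrected sizing: counts the strings that will actually be stored. */
size_t size_from_effective(const struct names *cli, const struct names *key) {
    return strlen(effective(cli->user, key->user)) + 1
         + strlen(effective(cli->group, key->group)) + 1;
}

/* Bounded pack: returns bytes written, or 0 when cap is too small. */
size_t pack_entity(char *buf, size_t cap, const struct names *cli, const struct names *key) {
    const char *u = effective(cli->user, key->user);
    const char *g = effective(cli->group, key->group);
    size_t ul = strlen(u) + 1, gl = strlen(g) + 1;
    if (ul + gl > cap) return 0;      /* refuse instead of overrunning */
    memcpy(buf, u, ul);
    memcpy(buf + ul, g, gl);
    return ul + gl;
}

/* Returns 1 if the entity fits the chosen buffer size, 0 if it would not. */
int build_entity(const struct names *cli, const struct names *key, int corrected) {
    size_t cap = corrected ? size_from_effective(cli, key) : size_from_client(cli);
    char *buf = malloc(cap);
    size_t n = buf ? pack_entity(buf, cap, cli, key) : 0;
    free(buf);
    return n != 0;
}

int main(void) {
    struct names cli = {"al", "g1"};  /* constructed sample values */
    struct names key = {"production_service", "analysis_group"};
    printf("client-sized: %d, corrected: %d\n",
           build_entity(&cli, &key, 0), build_entity(&cli, &key, 1));
    return 0;
}
```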