The buffer filled from the network by cfservd is not null-terminated,
but it is passed to some routines that want it null-terminated. In
particular, the AIX sscanf() routine appears to run strlen() on it.
\"/home/project-releases/tmp/cfengine-2.1.17/src/item.c\", line 1129:
(READ_OVERFLOW)
>> sscanf(sp,format,node);
String is not null terminated within range: sp
Reading : 0x2055f754
From block: 0x2055f754 thru 0x20560753 (4096 bytes)
recvbuffer, declared at cfservd.c, 1538
Stack trace where the error occurred:
SplitStringAsItemList() item.c, 1129
MatchClasses() cfservd.c, 1569
BusyWithConnection() cfservd.c, 1238
HandleConnection() cfservd.c, 1149
\"src/bos/usr/ccs/lib/libc/scanf.c\", line unknown: (READ_OVERFLOW)
String is not null terminated within range: <argument 1>
Reading : 0x2055f754
From block: 0x2055f754 thru 0x20560753 (4096 bytes)
recvbuffer, declared at cfservd.c, 1538
Stack trace where the error occurred:
strlen() (interface)
sscanf()
../../../../../../../src/bos/usr/ccs/lib/libc/scanf.c
SplitStringAsItemList() item.c, 1129
MatchClasses() cfservd.c, 1569
BusyWithConnection() cfservd.c, 1238
HandleConnection() cfservd.c, 1149
--
Joe Buehler
_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://lists.gnu.org/mailman/listinfo/help-cfengine
