On 9/20/07, Graham, Simon <[EMAIL PROTECTED]> wrote:
> There is a buffer overrun issue in the cl_log.c code if the entity name
> passed to cl_log_set_entity or cl_direct_log is larger than MAXENTITY -
> although the code uses strncpy() to copy the string, this will NOT add a
> NUL character if the string is too long. This showed up using the
> ccm_testclient sample program which passes argv[0] as the entity name
> and which ends up writing garbage to stdout.

applied:
    http://hg.beekhof.net/lha/crm-dev/rev/2c572a1d30f4

thanks!

>
> Fix is trivial - make sure that the last char in the array is a NUL;
> patch attached - builds when applied to 2.0.1; it seems that the latest
> dev version doesn't build on Rhel4.2 anymore -- rpmbuild whines about
> null macros and missing %endif's in the spec file.
>
> Simon
>
> _______________________________________________________
> Linux-HA-Dev: [email protected]
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
>
>
>
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/

Reply via email to