URL:
<http://savannah.gnu.org/bugs/?43863>
Summary: socket.c buffer overrun
Project: GNU Screen
Submitted by: megamansec3
Submitted on: Sun 21 Dec 2014 10:20:35 PM GMT
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 4.2.1
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Details:
Hi,
In socket.c on line 204, a buffer overrun of 3 bytes may occur due to an
incorrect calculation.

    204 cmatch = (*(n + matchlen) == 0);

As it does not account for the matchlen
n = 3
matchlen = 255
Thanks,