Here is a patch to fix a buffer overflow in CVS revision 1.29 of samples/SAX2Count/SAX2Count.cpp.
The code used strcpy() to place a user-supplied command line option into a 64-byte buffer localeStr. I've replaced this with a strncpy call instead. Yes, I know it's trivial, but it could potentially be a problem, so I thought it would be best to report it.

PS: In Xerces-C++ for Solaris (binary build), you can trigger the overflow with 265 bytes of input data to the '-locale' command-line option.

Thanks,
Matt Hall
Verizon Wireless

*** SAX2Count.pcc Tue Mar 15 18:59:37 2005 --- SAX2Count.cpp Tue Mar 15 19:04:37 2005 *************** *** 248,254 **** else if (!strncmp(argV[argInd], "-locale=", 8)) { // Get out the end of line ! strcpy(localeStr, &(argV[argInd][8])); } else { --- 248,254 ---- else if (!strncmp(argV[argInd], "-locale=", 8)) { // Get out the end of line ! strncpy(localeStr, &(argV[argInd][8]), sizeof localeStr); } else { *************** *** 431,434 **** return 0; } - --- 431,433 ----
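
Review bot: In the 248,254 hunk, `strncpy(localeStr, &(argV[argInd][8]), sizeof localeStr)` stops the write past the end of the buffer but leaves localeStr without a terminating NUL whenever the option value is sizeof localeStr bytes or longer, so any later use of localeStr as a C string can still read beyond it. Suggest copying at most `sizeof localeStr - 1` bytes and setting `localeStr[sizeof localeStr - 1] = '\0';`, or rejecting an overlong value with a usage error rather than silently truncating the locale. The bound also relies on localeStr being an array at this point (its declaration is outside the hunk); if it is a pointer, sizeof yields the pointer size instead.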
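
Review bot: The 431,434 hunk only deletes the blank line after the closing brace, which is unrelated to the overflow fix; suggest dropping it so the patch contains just the strncpy change.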
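
An added example (not part of the original message or of the Xerces-C++ sources) showing that a `strncpy` bounded by the full buffer size can leave the buffer unterminated, next to a copy that rejects an overlong `-locale=` value. `parse_locale_opt`, `strncpy_leaves_unterminated` and `LOCALE_BUF` are hypothetical names; the 64-byte size and the 265-byte input are the figures given in the message.

```c
#include <stdio.h>
#include <string.h>

#define LOCALE_BUF 64  /* size the message gives for localeStr */

/* Hypothetical helper: copy the value of "-locale=<value>" into dst.
 * Returns 0 on success, -1 if arg is not a -locale option or dstlen is 0,
 * -2 if the value does not fit (dst is then left as an empty string). */
static int parse_locale_opt(const char *arg, char *dst, size_t dstlen)
{
    static const char prefix[] = "-locale=";
    const size_t plen = sizeof prefix - 1;
    size_t vlen;

    if (dstlen == 0 || strncmp(arg, prefix, plen) != 0)
        return -1;
    vlen = strlen(arg + plen);
    if (vlen >= dstlen) {               /* no room for value plus '\0' */
        dst[0] = '\0';
        return -2;
    }
    memcpy(dst, arg + plen, vlen + 1);  /* copy includes the '\0' */
    return 0;
}

/* The pitfall: returns 1 if strncpy(dst, src, dstlen) leaves no '\0'
 * anywhere inside the dstlen bytes of dst. */
static int strncpy_leaves_unterminated(const char *src, char *dst, size_t dstlen)
{
    strncpy(dst, src, dstlen);
    return memchr(dst, '\0', dstlen) == NULL;
}

int main(void)
{
    char localeStr[LOCALE_BUF];
    char arg[8 + 265 + 1];   /* constructed input: "-locale=" + 265 'A's */

    memcpy(arg, "-locale=", 8);
    memset(arg + 8, 'A', 265);
    arg[sizeof arg - 1] = '\0';

    printf("strncpy unterminated: %d\n",
           strncpy_leaves_unterminated(arg + 8, localeStr, sizeof localeStr));
    printf("overlong: %d\n", parse_locale_opt(arg, localeStr, sizeof localeStr));
    printf("normal: %d (%s)\n",
           parse_locale_opt("-locale=en_US", localeStr, sizeof localeStr), localeStr);
    return 0;
}
```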