[Bug 1017978] Re: [MIR] libfcgi, ceph (radosgw)
Yehuda Sadeh
1017978 at bugs.launchpad.net
Wed Aug 22 17:21:01 UTC 2012
At the time we went through the entire code base. It didn't make sense going just through the ceph code and not through the radosgw code; they reside on the same tree and share code. Also, the radosgw code size is not as big as was implied at the time.
In any case, we audited that code again, and it mostly looks ok (other than a single issue of not checking realloc, which was probably missed the first time). A trivial fix for that is ready. All the other issues have been fixed.
There are a few isolated cases of strcpy/sprintf that are being used. We went through all of them and verified that they are safe (size of source is known, destination has enough space allocated). We can change these, they're pretty trivial, though we're hesitant to add unnecessary changes; we don't want to break anything by mistake.
All in all there are really a few affected call sites, and as I said,
the code in question is really not that big.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libfcgi in Ubuntu.
https://bugs.launchpad.net/bugs/1017978
Title:
[MIR] libfcgi, ceph (radosgw)