[Bug 388606] Re: [MIR] librelp

Michael Terry michael.terry at canonical.com
Fri Jul 17 16:36:56 UTC 2009


I asked:
"Any news?  So you're saying that the array of offers is guaranteed to be
small in the two usages of the function in RELP?"

And Rainer replied:
"Yes, for the current version. The offers are generated based on capabilities
and the current code has not enough capabilities to exhaust the buffer.
Anyhow, I'll look at it as soon as I am finished with my rsyslog threading
work. Probably the best cure is count the size and do a realloc() if it is
exhausted. That safes it for future development (it's too easy to forget
about fixing it once other things are developed...).

None of the offers is user-provided, though, so even in this case I don't see
a way to exploit it (except crashing on its own, which is kind of a DoS...)."

** Changed in: librelp (Ubuntu)
       Status: Incomplete => Confirmed

-- 
[MIR] librelp
https://bugs.launchpad.net/bugs/388606
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs




More information about the universe-bugs mailing list