DO NOT REPLY [Bug 4357] New: Missing bounds checking in send_files
could lead crash
samba-bugs at samba.org
samba-bugs at samba.org
Fri Jan 26 13:44:34 GMT 2007
https://bugzilla.samba.org/show_bug.cgi?id=4357
Summary: Missing bounds checking in send_files could lead crash
Product: rsync
Version: 2.6.9
Platform: x86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P3
Component: core
AssignedTo: wayned at samba.org
ReportedBy: developer at jungledisk.com
QAContact: rsync-qa at samba.org
In sender.c / send_files the file index read off the wire is used directly for
indexing into the files array without any bounds checking.
This could easily lead to a crash from a malicious client sending bad data.
Since the file list is on the heap and not the stack it seems unlikely this
could be used to trigger a stack attack, but other attacks may be possible.
--
Configure bugmail: https://bugzilla.samba.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
More information about the rsync
mailing list