[Pkg-firebird-general] Bug#264453: buffer overflow condition

Robert Millan <rmh@debian.org>, 264453@bugs.debian.org
Mon, 09 Aug 2004 00:40:20 +0200


Package: firebird2
Version: 1.5.1
Severity: normal
Tags: security

In file src/jrd/gds.cpp, line 966, there's a buffer overflow condition.
A sys_errlist string is copied into a buffer of unknown size without bounds
checking via strcpy.

Due to the internal interface of the function, one can't obtain the size of
the destination buffer, so unless I'm missing something this bug cannot be
fixed without changing the interface.

This problem might have security implications if an attacker can manage to
put malicious content in sys_errlist.  I'm adding the security tag just in
case.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: kfreebsd-i386 (i386)
Kernel: GNU/kFreeBSD 5.2.1-5
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to C)
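
The kind of interface change the report refers to, as an added example that is not part of the original report and is not Firebird's code: the function names and signatures below are hypothetical, and strerror() stands in for the sys_errlist lookup.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical "before" shape: the callee gets only a pointer, so it has no
 * way to learn how much room the caller allocated. Safe only if every caller
 * happens to pass a buffer larger than the longest system message. */
void interpret_unbounded(int code, char *dst)
{
    strcpy(dst, strerror(code));    /* copies strlen(msg) + 1 bytes, unchecked */
}

/* Hypothetical "after" shape: the caller passes the destination size.
 * Copies at most dst_size - 1 bytes and always NUL-terminates.
 * Returns the full message length so the caller can detect truncation
 * (return value >= dst_size means the text did not fit). */
size_t interpret_bounded(int code, char *dst, size_t dst_size)
{
    const char *msg = strerror(code);   /* stand-in for sys_errlist[code] */
    size_t need = strlen(msg);
    size_t n;

    if (dst == NULL || dst_size == 0)
        return need;                    /* nothing can be stored safely */

    n = need < dst_size - 1 ? need : dst_size - 1;
    memcpy(dst, msg, n);
    dst[n] = '\0';
    return need;
}

int main(void)
{
    char big[256];
    char small[8];                      /* deliberately too small */
    size_t need;

    interpret_unbounded(ENOENT, big);   /* fits only because big is large */
    need = interpret_bounded(ENOENT, small, sizeof small);

    printf("full message: \"%s\"\n", big);
    printf("bounded copy: \"%s\" (%s, %zu bytes needed)\n", small,
           need >= sizeof small ? "truncated" : "complete", need + 1);
    return 0;
}
```

Every caller of the bounded form has to be updated to pass its buffer size, which is why the report treats this as an interface change rather than a local fix.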