Bug 3733 - Potential buffer overflow in http driver
: Potential buffer overflow in http driver
Status: RESOLVED FIXED
: XIO
Globus XIO
: 4.0.0
: PC All
: P3 normal
: ---
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2005-09-07 11:26 by
Modified: 2005-09-20 10:48 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2005-09-07 11:26:12
(From Joe Link)

Just tripped on this today:

in globus_i_xio_http_client_write_request()

char     size_buffer[sizeof(globus_size_t)+3];

with the largefile post test (525), that buffer gets filled with
"4194304\r\n" and is overrun.  Which, in my case, corrupts the fifo on
the stack and causes a segv.  (this is with gcc-4.0.1, which is probably
relevant, as mike couldn't reproduce it on his system with an older gcc)
------- Comment #1 From 2005-09-20 10:48:34 -------
Fix committed to 4.0 branch and trunk