buffer overflow in values.c

Bug #485194 reported by Raphael Geissert
This bug affects 1 person
Affects              Status        Importance  Assigned to  Milestone
ureadahead           Invalid       High        Unassigned
ureadahead (Ubuntu)  Fix Released  Low         Kees Cook

Bug Description

The get_value and set_value functions both set the null character at buf[len], but len can be up to sizeof buf, which results in a buffer overflow.
In practice this seems unlikely, if not impossible, to have any effect as the files these functions operate on only contain one or a couple of bytes. Nevertheless, it is a bug.

Changed in ureadahead:
status: New → Triaged
importance: Undecided → High
Scott James Remnant (Canonical) (canonical-scott) wrote :

Moved to Ubuntu bug tracker

Changed in ureadahead (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in ureadahead:
status: Triaged → Invalid
Kees Cook (kees)
Changed in ureadahead (Ubuntu):
assignee: nobody → Kees Cook (kees)
importance: High → Low
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ureadahead - 0.100.0-11

---------------
ureadahead (0.100.0-11) natty; urgency=low

  * src/trace.c: leave room for string termination on reads (LP: #485194).
  * man/ureadahead.8: fix typo and update bug reporting URL (LP: #697770).
  * debian/rules: don't bother with /var/lib/ureadahead mode.
 -- Kees Cook <email address hidden> Wed, 16 Mar 2011 17:19:01 -0700

Changed in ureadahead (Ubuntu):
status: Fix Committed → Fix Released
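
The off-by-one from the bug description and the "leave room for string termination" fix from the changelog, as an added example that is not ureadahead's own code. The buffer size VALUE_BUF and the helpers make_input, terminator_index and get_value_bounded are hypothetical names chosen for illustration, and the input is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define VALUE_BUF 80 /* assumed size; the report does not state the real one */

/* Constructed input: a pipe preloaded with n bytes (n well under pipe capacity). */
int make_input(const char *data, size_t n)
{
    int fds[2];
    if (pipe(fds) < 0 || write(fds[1], data, n) != (ssize_t)n)
        return -1;
    close(fds[1]);
    return fds[0];
}

/* Index that buf[len] = '\0' would hit for char buf[VALUE_BUF] when read() is
 * asked for `request` bytes. The scratch buffer is one byte larger, so the
 * flawed request size is measured here without an out-of-bounds write. */
ssize_t terminator_index(int fd, size_t request)
{
    char scratch[VALUE_BUF + 1];
    return request <= sizeof scratch ? read(fd, scratch, request) : -1;
}

/* Hypothetical corrected reader: request sizeof buf - 1 so buf[len] is in bounds. */
int get_value_bounded(int fd, long *value)
{
    char buf[VALUE_BUF];
    ssize_t len = read(fd, buf, sizeof buf - 1);
    if (len < 0)
        return -1;
    buf[len] = '\0';
    *value = strtol(buf, NULL, 10);
    return 0;
}

int main(void)
{
    char big[200];
    memset(big, '7', sizeof big);
    printf("read(sizeof buf):     NUL at buf[%zd], valid 0..%d\n",
           terminator_index(make_input(big, sizeof big), VALUE_BUF), VALUE_BUF - 1);
    printf("read(sizeof buf - 1): NUL at buf[%zd], valid 0..%d\n",
           terminator_index(make_input(big, sizeof big), VALUE_BUF - 1), VALUE_BUF - 1);
    return 0;
}
```

The overflow only occurs when the file supplies at least sizeof buf bytes, which matches the reporter's observation that the short files these functions read make it unlikely to trigger.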