diff options
| author | Dmitry V. Levin <ldv@altlinux.org> | 2020-04-24 03:27:12 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@altlinux.org> | 2020-04-24 03:27:12 +0000 |
| commit | 924a93a39b61d3699926136713add09db2976fce (patch) | |
| tree | 3839cbe230ff3a4eaae8d4799e46d7f365e0a851 /modules/pam_filter/pam_filter.8.xml | |
| parent | 76916913fc3802ccb5348a69a56fa2bc3946439d (diff) | |
pam_filter: fix potential off-by-one heap buffer overflow
Reported by gcc-10 -Wstringop-overflow:
In file included from /usr/include/string.h:494,
from modules/pam_filter/pam_filter.c:14:
In function 'strcpy',
inlined from 'process_args' at modules/pam_filter/pam_filter.c:137:2,
inlined from 'need_a_filter.isra' at modules/pam_filter/pam_filter.c:618:12:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:90:10: warning: '__builtin_memcpy' writing 6 bytes into a region of size 5 [-Wstringop-overflow=]
90 | return __builtin___strcpy_chk (__dest, __src, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
modules/pam_filter/pam_filter.c: In function 'need_a_filter.isra':
modules/pam_filter/pam_filter.c:128:21: note: at offset 0 to an object with size 5 allocated by 'malloc' here
128 | levp[0] = (char *) malloc(size);
| ^~~~~~~~~~~~
* modules/pam_filter/pam_filter.c (process_args): Fix off-by-one heap
buffer overflow in case of a filter without arguments (argc == 0).
Diffstat (limited to 'modules/pam_filter/pam_filter.8.xml')
0 files changed, 0 insertions, 0 deletions