Project

General

Profile

Bug #6527

Possible access beyond end of string in zpool comment

Added by Jorgen Lundman almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Start date:
2015-12-21
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

The 'check' pointer is incremented in both the for-loop's update statement,
as well as, in the body of the loop. This means only every second character
is actually checked for low-ascii, and potentially, bytes beyond the
string's null-terminator can be attempted to be accessed.

History

#2

Updated by Electric Monk almost 4 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 2bd7a8d078223b122d65fea49bb8641f858b1409

commit  2bd7a8d078223b122d65fea49bb8641f858b1409
Author: Jorgen Lundman <lundman@lundman.net>
Date:   2015-12-21T04:51:23.000Z

    6527 Possible access beyond end of string in zpool comment
    Reviewed by: George Wilson <george.wilson@delphix.com>
    Reviewed by: Matthew Ahrens <mahrens@delphix.com>
    Reviewed by: Dan McDonald <danmcd@omniti.com>
    Approved by: Gordon Ross <gwr@nexenta.com>

Also available in: Atom PDF