Chameleon

Issue 151: Possible buffer overflow in loadConfigFile

Reported by J Guerrero, Aug 19, 2011

Steps to reproduce the problem:
1. saio_types.h declares config_file_t with a plist of 4096 chars.
2. stringTable.c in function loadConfigFile reads on plist IO_CONFIG_DATA_SIZE
3. IO_CONFIG_DATA_SIZE is defined to be 163840 on bootstruct.h

Expected result:
   
Actual result:
   buffer overflow reading up to 16KB plist in a 4KB buffer.
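
Added example, not Chameleon source and not part of the original report: a sketch of the size mismatch described above next to a bounded loader. Only the two sizes come from the report; the struct layout, the `canary` field, `fake_read` and both loader names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Sizes as quoted in the report; everything else here is hypothetical. */
#define PLIST_BUF_SIZE       4096
#define IO_CONFIG_DATA_SIZE  163840

typedef struct {
    char plist[PLIST_BUF_SIZE];
    int  canary;            /* constructed: stands in for adjacent memory */
} config_file_t;

/* Constructed stand-in for a file read: copies up to `count` bytes of a
   `src_len`-byte "file" into dst and returns the number of bytes copied. */
static size_t fake_read(const char *src, size_t src_len, char *dst, size_t count)
{
    size_t n = src_len < count ? src_len : count;
    memcpy(dst, src, n);
    return n;
}

/* Pattern from the report (shown for contrast, never called here): the read
   length is IO_CONFIG_DATA_SIZE instead of the destination's size. */
size_t load_config_unbounded(config_file_t *cfg, const char *src, size_t src_len)
{
    return fake_read(src, src_len, cfg->plist, IO_CONFIG_DATA_SIZE);
}

/* Bounded variant: the limit comes from the destination itself, one byte is
   kept for a terminator, and oversize input is rejected, not truncated. */
long load_config_bounded(config_file_t *cfg, const char *src, size_t src_len)
{
    size_t cap = sizeof(cfg->plist) - 1;
    if (src_len > cap) return -1;
    size_t n = fake_read(src, src_len, cfg->plist, cap);
    cfg->plist[n] = '\0';
    return (long)n;
}

int main(void)
{
    static char big[8192];                    /* constructed oversize "file" */
    config_file_t cfg = { .canary = 0x5a5a };
    memset(big, 'A', sizeof big);
    printf("oversize: %ld, small: %ld, canary intact: %d\n",
           load_config_bounded(&cfg, big, sizeof big),
           load_config_bounded(&cfg, "<dict/>", 7), cfg.canary == 0x5a5a);
    return 0;
}
```

Deriving the limit from `sizeof(cfg->plist)` keeps the read length and the buffer declaration from drifting apart when either constant changes.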

Comment 1 by Cosmosis Jones, Aug 19, 2011

Labels: Target:2.1
Status: Accepted

Comment 2 by Cosmosis Jones, May 8, 2012

Status: Fixed
Owner: cosmo1t

Created: 12 years 7 months ago by J Guerrero

Updated: 11 years 10 months ago

Status: Fixed

Owner: Cosmosis Jones

Labels:
Priority:Medium
Type:Defect
Target:2.1