Bug 832 – No checks for buffer()

Bug 832 - No checks for buffer()


Summary:	No checks for buffer()

Status:	RESOLVED INVALID

Product:	Sudo
Classification:	Unclassified
Component:	Sudo
Version:	1.8.22
Hardware:	PC Linux

Importance:	low high
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2018-05-10 08:31 MDT by Dhiraj
Modified:	2018-05-10 08:39 MDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dhiraj 2018-05-10 08:31:03 MDT

Hi Team, 

The code /lib/zlib/gzlib.c:614 

i.e
    
strcat(state->msg, msg);

Does not check for buffer overflows when copying to destination which is 
[MS-banned] (CWE-120). 

using snprintf, strcpy_s, or strlcpy (strncpy easily misused).


Request team to please have a look.


Thank you 
Dhiraj

Comment 1 Todd C. Miller 2018-05-10 08:39:40 MDT

If you take a closer look you will see that code is only used when NO_snprintf or NO_vsnprintf is defined.  Those are never defined when zlib is built as part of sudo.