Ticket #2252 (closed defect: fixed)

Opened 4 years ago

Last modified 4 years ago

Possible buffer overflow in template processing

Reported by: dmorissette Owned by: dmorissette
Priority: normal Milestone: 5.0 release
Component: MapServer C Library Version: svn-trunk (development)
Severity: normal Keywords:
Cc:

Description

There is a small possibility of buffer overflow in processLine() (maptemplate.c). To trigger it you'd need a mapfile with a layer name, group name or metadata entry name longer than 5120 chars which is probably larger than what the parser would accept, but we'll fix it just in case.

Change History

Changed 4 years ago by dmorissette

  • status changed from new to closed
  • resolution set to fixed

Fixed. Will be in 5.0-beta5 (r6669) and in 4.10.3 (r6668).

Note: See TracTickets for help on using tickets.