Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#3484 closed defect (fixed)

Buffer overflow in msTmpFile()

Reported by: dmorissette Owned by: dmorissette
Priority: normal Milestone: 5.6.4 release
Component: MapServer C Library Version: 5.6
Severity: normal Keywords:
Cc: sdlime, aboudreault


A buffer overflow has been found in msTmpFile() when the ForcedTmpBase? param is used.

This issue was found as part of a security audit of the MapServer 5.6 source. All versions going back to 4.10 (and possibly older ones) are affected.

Change History (5)

comment:1 Changed 5 years ago by dmorissette

  • Status changed from new to assigned

Committed a fix for the buffer overflow in SVN branch-5-6 r10305 (will be in 5.6.4).

I will also backport the fix to older releases.

comment:2 Changed 5 years ago by dmorissette

  • Cc aboudreault added

comment:3 Changed 5 years ago by dmorissette

  • Resolution set to fixed
  • Status changed from assigned to closed

Backported fix to SVN branch-5-4 (r10310), branch-5-2 (r10311), branch-5-0 (r10312) and branch-4-10 (r10313)


comment:4 Changed 5 years ago by dmorissette

Applied fix to SVN trunk r10318

comment:5 Changed 5 years ago by dmorissette

I modified msTmpFile() in r10458 (trunk only) to use snprintf instead of sprintf

Note: See TracTickets for help on using tickets.