#3484 closed defect (fixed)
Buffer overflow in msTmpFile()
| Reported by: | dmorissette | Owned by: | dmorissette |
|---|---|---|---|
| Priority: | normal | Milestone: | 5.6.4 release |
| Component: | MapServer C Library | Version: | 5.6 |
| Severity: | normal | Keywords: | |
| Cc: | sdlime, aboudreault |
Description
A buffer overflow has been found in msTmpFile() when the ForcedTmpBase param is used.
This issue was found as part of a security audit of the MapServer 5.6 source. All versions going back to 4.10 (and possibly older ones) are affected.
Change History (5)
comment:1 by , 14 years ago
| Status: | new → assigned |
|---|
comment:2 by , 14 years ago
| Cc: | added |
|---|
comment:3 by , 14 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:5 by , 14 years ago
I modified msTmpFile() in r10458 (trunk only) to use snprintf instead of sprintf
Note:
See TracTickets
for help on using tickets.
Committed a fix for the buffer overflow in SVN branch-5-6 r10305 (will be in 5.6.4).
I will also backport the fix to older releases.