#3484 closed defect (fixed)
Buffer overflow in msTmpFile()
Reported by: | dmorissette | Owned by: | dmorissette |
---|---|---|---|
Priority: | normal | Milestone: | 5.6.4 release |
Component: | MapServer C Library | Version: | 5.6 |
Severity: | normal | Keywords: | |
Cc: | sdlime, aboudreault |
Description
A buffer overflow has been found in msTmpFile() when the ForcedTmpBase param is used.
This issue was found as part of a security audit of the MapServer 5.6 source. All versions going back to 4.10 (and possibly older ones) are affected.
Change History (5)
comment:1 by , 14 years ago
Status: | new → assigned |
---|
comment:2 by , 14 years ago
Cc: | added |
---|
comment:3 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
comment:5 by , 14 years ago
I modified msTmpFile() in r10458 (trunk only) to use snprintf instead of sprintf.
Committed a fix for the buffer overflow in SVN branch-5-6 r10305 (will be in 5.6.4).
I will also backport the fix to older releases.
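
The bug class and the sprintf-to-snprintf change described in this ticket, shown as an added example. This is not MapServer's msTmpFile() code: `build_tmp_path`, its parameters, the path format and the 64-byte buffer are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TMP_PATH_MAX 64 /* constructed buffer size for this example */

/* Unsafe pattern (the bug class in this ticket): sprintf() writes however
 * many bytes the inputs produce, so a long caller-supplied base overruns buf:
 *
 *     char buf[TMP_PATH_MAX];
 *     sprintf(buf, "%s%s_%d.%s", dir, base, counter, ext);
 */

/* Bounded version. Returns 0 on success, -1 on bad arguments or if the full
 * path does not fit in outsz bytes. Never writes past out[outsz - 1]. */
int build_tmp_path(char *out, size_t outsz, const char *dir,
                   const char *base, int counter, const char *ext)
{
    int n;

    if (!out || outsz == 0 || !dir || !base || !ext)
        return -1;

    n = snprintf(out, outsz, "%s%s_%d.%s", dir, base, counter, ext);
    /* snprintf() returns the length the full string needs; n >= outsz means
     * it was truncated. A truncated temp path names the wrong file, so
     * reject it instead of using it. */
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[TMP_PATH_MAX];
    char long_base[256]; /* constructed oversized input */
    int rc;

    memset(long_base, 'A', sizeof long_base - 1);
    long_base[sizeof long_base - 1] = '\0';

    rc = build_tmp_path(path, sizeof path, "/tmp/", "sess42", 1, "png");
    printf("short base: rc=%d path=%s\n", rc, path);

    rc = build_tmp_path(path, sizeof path, "/tmp/", long_base, 1, "png");
    printf("long base:  rc=%d path=\"%s\"\n", rc, path);
    return 0;
}
```

Switching to snprintf alone only stops the out-of-bounds write; checking its return value is what keeps a silently truncated path from being used.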