URL: <https://savannah.gnu.org/bugs/?67155>
Summary: buffer overflow due to `strncpy()`
Group: GNU Screen
Submitter: ensc
Submitted: Sa 24 Mai 2025 14:43:42 CEST
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 5.0.1
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Sa 24 Mai 2025 14:43:42 CEST By: Enrico Scholz <ensc>
attacher.c contains
| void SendCmdMessage(char *sty, char *match, char **av, int query)
|
| char *sp = SocketPath + strlen(SocketPath);
|
| strncpy(sp, query, strlen(SocketPath));
This means, when `SocketPath` is filled with more than its half capacity, the
`strncpy()` will fill space after its bounds with zeros.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?67155>
_______________________________________________
Nachricht gesendet über Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
