Bug 11858 - Probable off by one buffer overflow in .../xorgconfig/xorgconfig.c
Summary: Probable off by one buffer overflow in .../xorgconfig/xorgconfig.c
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General
Version: git
Hardware: All All
Importance: low normal
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Keywords: janitor, patch
Reported: 2007-08-06 01:59 UTC by Roland "Test-tools" Bär
Modified: 2007-08-06 12:42 UTC

trivial patch for hw/xfree86/utils/xorgconfig/xorgconfig.c (785 bytes, patch)
2007-08-06 02:00 UTC, Roland "Test-tools" Bär

Description Roland "Test-tools" Bär 2007-08-06 01:59:05 UTC
In xorgconfig.c around line 2444:
            if (len > sizeof(cur))
            strncpy(cur, thisdir, len);
            cur[len] = '\0';
Border case: when len==sizeof(cur), the following null-terminating code will overrun by one.

Please apply attached patch ...
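
An added example, not the attached patch and not X.Org code: a bounded copy that clamps with ">=" so the border case len == sizeof(cur) keeps the terminator inside the buffer. The names copy_bounded, struct guarded and border_case_stays_in_bounds, the 8-byte buffer and the sample path are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy at most len bytes of src into dst (capacity dstsize) and always
 * NUL-terminate inside the buffer. Returns the index at which the
 * terminator was written. */
size_t copy_bounded(char *dst, size_t dstsize, const char *src, size_t len)
{
    if (dstsize == 0)
        return 0;                /* no room even for the terminator */
    if (len >= dstsize)          /* ">=": len == dstsize must be clamped too */
        len = dstsize - 1;
    strncpy(dst, src, len);      /* stops at src's NUL, pads the rest */
    dst[len] = '\0';             /* highest index written is dstsize - 1 */
    return len;
}

/* Constructed check: a guard byte placed directly after the buffer shows
 * whether the terminator stayed inside it. */
struct guarded {
    char cur[8];
    unsigned char guard;
};

/* Exercises the border case from the report: len == sizeof(cur).
 * Returns 1 when the terminator landed on the last valid index and the
 * guard byte is untouched. */
int border_case_stays_in_bounds(void)
{
    struct guarded g;
    const char *thisdir = "/usr/lib/X11";    /* constructed sample path */
    size_t n;

    g.guard = 0xAA;
    n = copy_bounded(g.cur, sizeof(g.cur), thisdir, sizeof(g.cur));
    return n == sizeof(g.cur) - 1 && g.cur[n] == '\0' && g.guard == 0xAA;
}

int main(void)
{
    printf("border case in bounds: %d\n", border_case_stays_in_bounds());
    return 0;
}
```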
Comment 1 Roland "Test-tools" Bär 2007-08-06 02:00:17 UTC
Created attachment 11005
trivial patch for hw/xfree86/utils/xorgconfig/xorgconfig.c
Comment 2 Alan Coopersmith 2007-08-06 12:42:01 UTC
Fix committed to Xorg head for upcoming Xorg-server 1.4 release - thanks!

commit f6aa2200f2fb4f4d4bb51e67d68e86aabcac0c4b
Author: Roland "Test-tools" Bär <roland@verifysoft.de>
Date:   Mon Aug 6 12:37:52 2007 -0700

    Probable off by one buffer overflow in .../xorgconfig/xorgconfig.c
    X.Org Bug #11858 <http://bugs.freedesktop.org/show_bug.cgi?id=11858>
    Patch #11005 <http://bugs.freedesktop.org/attachment.cgi?id=11005>
