[OPEN-ILS-DEV] PATCH: sha.c (buffer overflow)

Scott McKellar mck9 at swbell.net
Sun Aug 5 10:51:44 EDT 2007


In sha.c, the static buffer named "final" is one byte too small.  As a
result, when we fill it, we place a terminal nul one byte past the end
of the buffer.  The results may range from the harmless to the
catastrophic, depending on what that byte is used for, if anything.

This patch embiggens the buffer by one.

Scott McKellar
http://home.swbell.net/mck9/ct/

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license indicated
in the file; or

(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source license
and I have the right under that license to submit that work with
modifications, whether created in whole or in part by me, under the
same open source license (unless I am permitted to submit under a
different license), as indicated in the file; or

(c) The contribution was provided directly to me by some other person
who certified (a), (b) or (c) and I have not modified it; and

(d) In the case of each of (a), (b), or (c), I understand and agree
that this project and the contribution are public and that a record
of the contribution (including all personal information I submit
with it, including my sign-off) is maintained indefinitely and may
be redistributed consistent with this project or the open source
license indicated in the file.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sha_c_1.patch
Type: text/x-patch
Size: 416 bytes
Desc: 1669055588-sha_c_1.patch
Url : http://list.georgialibraries.org/pipermail/open-ils-dev/attachments/20070805/c7bd4a94/sha_c_1.bin
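
The sizing error described in the message, as an added example that is not part of the original post or the project's sha.c. It assumes the buffer receives a hex-encoded 20-byte SHA-1 digest (the page does not show the code); `hex_encode` and `demo` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHA1_LEN     20                  /* assumed: raw SHA-1 digest size */
#define SHA1_HEX_LEN (2 * SHA1_LEN + 1)  /* 40 hex digits + terminating nul */

/* Hypothetical helper: hex-encode len bytes of in into out.
 * Returns the number of digits written, or -1 if outsz cannot hold
 * the digits plus the terminating nul. */
int hex_encode(const uint8_t *in, size_t len, char *out, size_t outsz)
{
    static const char digits[] = "0123456789abcdef";
    size_t i;

    if (len > (SIZE_MAX - 1) / 2 || outsz < 2 * len + 1)
        return -1;                       /* a 40-byte buffer is refused here */
    for (i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * len] = '\0';                 /* the byte a 40-byte buffer has no room for */
    return (int)(2 * len);
}

/* Encode a constructed digest into the first bufsz bytes (bufsz <= 42) of an
 * area whose remaining bytes are guards. Returns hex_encode's result, or -2
 * if any guard byte past bufsz was overwritten. */
int demo(size_t bufsz)
{
    uint8_t digest[SHA1_LEN];
    char area[SHA1_HEX_LEN + 1];
    size_t i;
    int rc;

    for (i = 0; i < SHA1_LEN; i++)
        digest[i] = (uint8_t)(i * 13);   /* constructed sample bytes */
    memset(area, 'G', sizeof area);
    rc = hex_encode(digest, SHA1_LEN, area, bufsz);
    for (i = bufsz; i < sizeof area; i++)
        if (area[i] != 'G')
            return -2;
    return rc;
}

int main(void)
{
    printf("40-byte buffer: %d\n41-byte buffer: %d\n", demo(40), demo(SHA1_HEX_LEN));
    return 0;
}
```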

