Add missing namelen checks in __pmDecodeFetch routine
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
commit7eb479b91ef12bf89a15b078af2107c8c4746a4a
treee3968c0da44edbb9acee0572fc8c6c32f0841aad
parente4faa1f0ba29151340920d975fc7639adf8371d5
Add missing namelen checks in __pmDecodeFetch routine

pmcd crashes when processing a crafted PDU_FETCH request because of a
missing length check in __pmDecodeFetch.  Code execution through this
bug appears unlikely because the loop which runs past the end of the
PDU only performs byte swapping (on little-endian architectures).

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841183.

Security advisory CVE-2012-3418.
src/libpcp/src/p_fetch.c