Fix heap overflow in __pmDecodeText routine
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:44 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:44 +0000 (11:28 +1000)
commit9f4e392c97ce42744ec73f82268ce6c815fdca0e
tree3eac72cfd34fb8f0a5dbf5a06d34dd127cd39505
parentb33b3fe43b89ab2cdd488f6ecb0f876530fa953e
Fix heap overflow in __pmDecodeText routine

__pmDecodeText does not check the buflen field against the PDU
length, leading to a read overflow.  Furthermore, buflen is not
validated prior to a malloc call.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841249.

Security advisory CVE-2012-3418.
src/libpcp/src/p_text.c