Add missing PDU length checks in __pmDecodeLogControl routine
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:45 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:45 +0000 (11:28 +1000)
commitb9f41448621b01988f72bd41d4764a5570e606ba
treec123da32d80f8485cd8473b7b0e18345435529c8
parent5b97cdc78c83e308a88462ba77ca392258577efb
Add missing PDU length checks in __pmDecodeLogControl routine

__pmDecodeLogControl did not check the c_numpmid and v_numval fields
against the size of the PDU.  Due to the way the sizes passed to malloc
are calculated, heap objects could be allocated which are too small,
leading to a heap-based buffer overflow.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841290.

Security advisory CVE-2012-3418.
src/libpcp/src/p_lcontrol.c