projects / pcp / pcp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bfb3ab8) | patch
Add field validation to PCP instance PDU decoding
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:43 +0000 (11:28 +1000)
commitbabd6c5c527f87ec838c13a1b4eba612af6ea27c
tree7df6692db8cd4a74bc6c407fa656d8d02e3ce098tree | snapshot
parentbfb3ab8c6b3d75b1a6580feee76a7d0925a3633ccommit | diff
Add field validation to PCP instance PDU decoding

__pmDecodeInstance does not check the numinst and namelen values against
the length of the PDU.  As a result, an application which decodes crafted
PDU_INSTANCE packets can crash.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security team.  Red Hat bugzilla bug #841284.

Security advisory CVE-2012-3418.
src/libpcp/src/p_instance.c diff | blob | blame | history
Performance Co-Pilot development (dev) and stable/release (master) branches.