Fix heap buffer overflow in __pmDecodeInstanceReq routine
authorNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:44 +0000 (11:28 +1000)
committerNathan Scott <nathans@redhat.com>
Mon, 13 Aug 2012 01:28:44 +0000 (11:28 +1000)
commitf190942b552aa80d59bbe718866aa00b8e3fd5cc
tree5aea319c581bc3501bc31098675d0737217372c9
parentbabd6c5c527f87ec838c13a1b4eba612af6ea27c
Fix heap buffer overflow in __pmDecodeInstanceReq routine

__pmDecodeInstanceReq does not check the namelen field against the
PDU length, leading to a read overflow.  Furthermore, namelen is not
validated prior to a malloc call.

Original report and fixes reviewed by Florian Weimer of the Red Hat
Security Team.  Red Hat bugzilla bug #841240.

Security advisory CVE-2012-3418.
src/libpcp/src/p_instance.c
src/pmcd/src/dopdus.c