[XBoard-devel] Buffer overflow

xboard-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[XBoard-devel] Buffer overflow

From:	Byrial Jensen
Subject:	[XBoard-devel] Buffer overflow
Date:	Thu, 22 Dec 2011 20:22:31 +0100
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110922 Thunderbird/3.1.15

I think that the function PGNTagsStatic() in pgntags.c is unsafe. Theproblem is that gameInfo->extraTags which can have any size is copiedwithout size control to a buffer which can overflow as the result. Thisis rather serious as it is easy to construct a pgn file that can causethe overflow.

You cannot have something of possibly unlimited size in a static buffer,so I suggest that PGNTagsStatic is removed. PGNTags() can then allocatea big eneogh buffer and do the work itself. PrintPGNTags() doesn't needa buffer, but can print directly to the file.

The "guilty" function is strcat() which is used in many places, so it isprobably a good idea to check all uses of strcat.

However there is no reason to replace all occurences of strcat withsomething else like it is done with strcpy(). I find it a little sillyto see calls to safeStrCpy instead of strcpy when you have justallocated a new buffer of the required size, so strcpy would beperfectly safe to use.

[Prev in Thread]

Current Thread

[Next in Thread]

[XBoard-devel] Buffer overflow, Byrial Jensen <=
- Re: [XBoard-devel] Buffer overflow, h.g. muller, 2011/12/22
  - Re: [XBoard-devel] Buffer overflow, Eric Mullins, 2011/12/22

Prev by Date: Re: [XBoard-devel] Hi from a new member of the xboard team
Next by Date: Re: [XBoard-devel] Buffer overflow
Previous by thread: [XBoard-devel] Hi from a new member of the xboard team
Next by thread: Re: [XBoard-devel] Buffer overflow
Index(es):
- Date
- Thread