cscope -- buffer overflow vulnerabilities

ID 72D8DF84-EA6D-11DA-8A53-00123FFE8333
Type freebsd
Reporter FreeBSD
Modified 2004-11-11T00:00:00


Jason Duell reports:

Cscope contains an alarming number of buffer overflow vulnerabilities. By a rough count, there are at least 48 places where we blindly sprintf() a file name into a fixed-length buffer of size PATHLEN without checking to see if the file's name is <= PATHLEN. We do similar things with environment variable values.