This is the mail archive of the
gcc-bugs@gcc.gnu.org
mailing list for the GCC project.
ada/5903: Buffer overflow in temporary file creation
- From: fw at deneb dot enyo dot de
- To: gcc-gnats at gcc dot gnu dot org
- Date: 10 Mar 2002 09:36:49 -0000
- Subject: ada/5903: Buffer overflow in temporary file creation
- Reply-to: fw at deneb dot enyo dot de
>Number: 5903
>Category: ada
>Synopsis: Buffer overflow in temporary file creation
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: unassigned
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 10 01:46:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: fw@deneb.enyo.de
>Release: 3.1 20020308 (prerelease), 3.2 20020308 (experimental)
>Organization:
>Environment:
i686-pc-linux-gnu
>Description:
There is a buffer overflow bug in adaint.c:__gnat_tmp_name() (inside the #ifdef linux).
This bug could lead to unsafe setuid/setgid programs on GNU/Linux systems.
>How-To-Repeat:
>Fix:
Limit the length of the string copied from the TMPDIR environment variable.
>Release-Note:
>Audit-Trail:
>Unformatted: