This is the mail archive of the gcc-bugs@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

ada/5903: Buffer overflow in temporary file creation

From: fw at deneb dot enyo dot de
To: gcc-gnats at gcc dot gnu dot org
Date: 10 Mar 2002 09:36:49 -0000
Subject: ada/5903: Buffer overflow in temporary file creation
Reply-to: fw at deneb dot enyo dot de


>Number:         5903
>Category:       ada
>Synopsis:       Buffer overflow in temporary file creation
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Mar 10 01:46:00 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     fw@deneb.enyo.de
>Release:        3.1 20020308 (prerelease), 3.2 20020308 (experimental)
>Organization:
>Environment:
i686-pc-linux-gnu
>Description:
There is a buffer overflow bug in adaint.c:__gnat_tmp_name() (inside the #ifdef linux).

This bug could lead to unsafe setuid/setgid programs on GNU/Linux systems.
>How-To-Repeat:

>Fix:
Limit the length of the string copied from the TMPDIR environment variable.
>Release-Note:
>Audit-Trail:
>Unformatted:

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]