[sudo-workers] Bug in lbuf_append_quoted
Daniel Kopecek
dkopecek at redhat.com
Mon Aug 12 09:20:58 MDT 2013
Hello,
I've found a bug in lbuf_append_quoted, here's the diff:
--- lbuf.c~ 2012-09-18 15:56:28.000000000 +0200
+++ lbuf.c 2013-08-12 17:01:02.335470715 +0200
-100,7 +100,7 @@
if (lbuf->len + (len * 2) + 1 >= lbuf->size) {
do {
lbuf->size += 256;
- } while (lbuf->len + len + 1 >= lbuf->size);
+ } while (lbuf->len + (len * 2) + 1 >= lbuf->size);
lbuf->buf = erealloc(lbuf->buf, lbuf->size);
}
if (*fmt == '%') {
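Review bot: The worst-case expression `lbuf->len + (len * 2) + 1` now appears twice, in the `if` and in the `while` condition, and that duplication is how the two tests drifted apart in the first place. Suggest computing it once into a local before the `if` and comparing that local against `lbuf->size` in both places, or collapsing the `if`/`do`-`while` pair into a single `while` loop so there is only one condition to maintain. The `len * 2` addition is also unchecked in these lines; whether it can wrap depends on the types and callers, which are not visible in this hunk.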
It might cause a lbuf->size < lbuf->len condition in between
lbuf_append* calls, which in turn causes a realloc backtrace/abort...
Dan K.
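
The size arithmetic described in the message above, as an added example that is not part of the original post or of sudo's code. The function names, the empty 256-byte starting buffer and the 4096 search limit are assumptions made for the illustration; only the two loop conditions and the 256-byte step come from the diff.

```c
#include <stddef.h>
#include <stdio.h>

#define LBUF_STEP 256 /* growth increment from the hunk */

/* Worst case for a quoted append of n bytes: each byte escaped, plus NUL. */
static size_t worst_case_need(size_t used, size_t n)
{
    return used + n * 2 + 1;
}

/* Growth as on the '-' line: the if tests n * 2, the loop tests only n. */
static size_t grow_before(size_t used, size_t size, size_t n)
{
    if (used + n * 2 + 1 >= size) {
        do {
            size += LBUF_STEP;
        } while (used + n + 1 >= size);
    }
    return size;
}

/* Growth as on the '+' line: both tests use the worst case. */
static size_t grow_after(size_t used, size_t size, size_t n)
{
    if (used + n * 2 + 1 >= size) {
        do {
            size += LBUF_STEP;
        } while (used + n * 2 + 1 >= size);
    }
    return size;
}

typedef size_t (*grow_fn)(size_t, size_t, size_t);

/* Smallest n in [1, limit] whose worst case exceeds the grown size; 0 if none. */
static size_t first_shortfall(grow_fn grow, size_t used, size_t size, size_t limit)
{
    for (size_t n = 1; n <= limit; n++)
        if (grow(used, size, n) < worst_case_need(used, n))
            return n;
    return 0;
}

int main(void)
{
    /* Constructed state: empty buffer with 256 bytes allocated. */
    printf("before: first shortfall at n=%zu\n", first_shortfall(grow_before, 0, 256, 4096));
    printf("after:  first shortfall at n=%zu\n", first_shortfall(grow_after, 0, 256, 4096));
    return 0;
}
```

With the old loop condition a single growth step is taken as soon as the unescaped length fits, so the allocation falls short whenever the escaped length needs a second step.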