Uploaded image for project: 'Apache Guacamole - Contributions'
  1. Apache Guacamole - Contributions
  2. GUAC-1049

Out-of-bounds access in recent terminal changes

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Invalid
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: SSH, Telnet
    • Labels:
      None
    • Sprint:
      DEV 2015-02-13

      Description

      From static analysis:

      Overrunning array "buffer" of 1024 bytes by passing it to a function which accesses it at byte offset 4095.

      /src/terminal/terminal.c: 477 in guac_terminal_printf()

      Relevant code excerpt:

      471         va_end(ap);
      472
      473         if (written < 0)
      474             return written;
      475
      476         /* Write to STDOUT */
      477         return guac_terminal_write_stdout(terminal, buffer, written);
      478
      479     }
      480
      481     void guac_terminal_prompt(guac_terminal* terminal, const char* title, char* str, int size, bool echo) {
      482

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mike.jumper Michael Jumper
              Reporter:
              mike.jumper Michael Jumper
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: