Opened 8 years ago

Closed 8 years ago

#286 closed defect (fixed)

Clients with super long client name can crash roard

Reported by: ph3-der-loewe
Owned by: ph3-der-loewe
Priority: blocker
Milestone: RoarAudio major release 1.0
Component: RoarAudio Main Package
Version: 1.0beta4
Keywords: bufferoverflow
Cc:
Architecture:
Compiler:
Difficulty:
Kernel:
Operating System:
Parent Tickets:
Patch attached: no
Protocol: RoarAudio
Sound driver:
Topic: Bug Fix

Description

Clients with a super long name can crash the client by setting the name and requesting client info for themselves (or client info is requested by some other client). This happens within roar_ctl_c2m(). The comments within this function already note that there may be such a problem.

This is an objection against the current pre-release (1.0beta4-pr0).

Change History (3)

comment:1 Changed 8 years ago by ph3-der-loewe

There should be a replacement using external data buffers. However, removing this function requires a soname change.
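Added example, not part of the ticket and not RoarAudio code: a sketch of the bug class described here (a client-supplied name packed into a fixed-size message) next to a bounds-checked packer that writes into a caller-supplied buffer. The struct layout, the 128-byte size and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_MSG_DATA_MAX 128   /* hypothetical fixed payload size */

/* Hypothetical fixed-size control message; not RoarAudio's real layout. */
struct demo_msg { uint16_t datalen; uint8_t data[DEMO_MSG_DATA_MAX]; };

/* Unsafe pattern: the name length comes from the client and is never
 * compared with the space left in the fixed buffer. Shown, not called. */
int pack_info_unchecked(struct demo_msg *m, const char *name) {
    size_t len = strlen(name);
    m->data[0] = 0;                  /* record version */
    m->data[1] = (uint8_t)len;       /* length byte silently truncated */
    memcpy(m->data + 2, name, len);  /* writes past data[] when len > 126 */
    m->datalen = (uint16_t)(2 + len);
    return 0;
}

/* Hardened form: the caller passes the buffer and its size, and both the
 * one-byte length field and the remaining space are checked before any
 * write. Returns bytes written, or -1 if the record does not fit. */
int pack_info_checked(uint8_t *buf, size_t buflen, const char *name) {
    size_t len = strlen(name);
    if (len > UINT8_MAX)                 /* length field is one byte */
        return -1;
    if (buflen < 2 || len > buflen - 2)  /* header plus name must fit */
        return -1;
    buf[0] = 0;
    buf[1] = (uint8_t)len;
    memcpy(buf + 2, name, len);
    return (int)(2 + len);
}

int main(void) {
    uint8_t buf[DEMO_MSG_DATA_MAX];
    char longname[301];              /* constructed over-long client name */
    memset(longname, 'A', 300);
    longname[300] = '\0';
    printf("short name: %d\n", pack_info_checked(buf, sizeof(buf), "mpd"));
    printf("long name:  %d\n", pack_info_checked(buf, sizeof(buf), longname));
    return 0;
}
```
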

comment:2 Changed 8 years ago by ph3-der-loewe

  • Owner set to ph3-der-loewe
  • Status changed from new to accepted

comment:3 Changed 8 years ago by ph3-der-loewe

  • Resolution set to fixed
  • Status changed from accepted to closed
  • Version changed from current to 1.0beta4