Opened 11 years ago
Closed 11 years ago
#286 closed defect (fixed)
Clients with super long client name can crash roard
Reported by: | ph3-der-loewe | Owned by: | ph3-der-loewe |
---|---|---|---|
Priority: | blocker | Milestone: | RoarAudio major release 1.0 |
Component: | RoarAudio Main Package | Version: | 1.0beta4 |
Keywords: | bufferoverflow | Cc: | |
Architecture: | Compiler: | ||
Difficulty: | Kernel: | ||
Operating System: | Parent Tickets: | ||
Patch attached: | no | Protocol: | RoarAudio |
Sound driver: | Topic: | Bug Fix |
Description
Clients with a super long name can crash the client by setting the name and requesting client info for themselfs (or client info is requested by some other client). This happens within roar_ctl_c2m(). The comments within this function already note that there may be such a problem.
This is an objection against the current pre-release (1.0beta4-pr0).
Subtickets
Change History (3)
comment:1 Changed 11 years ago by ph3-der-loewe
comment:2 Changed 11 years ago by ph3-der-loewe
- Owner set to ph3-der-loewe
- Status changed from new to accepted
comment:3 Changed 11 years ago by ph3-der-loewe
- Resolution set to fixed
- Status changed from accepted to closed
- Version changed from current to 1.0beta4
Note: See
TracTickets for help on using
tickets.
There should be a replacement using external data buffers. However removing this function requires soname change.