oss-sec mailing list archives
Re: CVE request -- memcached
From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 08 Apr 2010 14:02:13 -0500
On Thu, 2010-04-08 at 11:57 -0500, Jamie Strandboge wrote:
People wanting to fix this may want to more thoroughly look at the patch[1]. After a cursory glance at it, I'm not sure it is enough: 1. it uses: if (strcmp(ptr, "get ") && strcmp(ptr, "gets ")) { Why not use something like (*totally* untested): if (strncmp(ptr, "get ", 5) && strncmp(ptr, "gets ", 5)) { just in case ptr is not NULL terminated? I haven't checked if this is an actual issue, but it certainly wouldn't hurt. '5' should probably be changed to something more reasonable.
FYI, looks like upstream decided to use strncmp after all: http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE request -- memcached Jamie Strandboge (Apr 08)
- Re: CVE request -- memcached Jamie Strandboge (Apr 08)
- Re: CVE request -- memcached Josh Bressers (Apr 08)