oss-sec mailing list archives

Re: CVE request -- memcached

From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 08 Apr 2010 14:02:13 -0500

On Thu, 2010-04-08 at 11:57 -0500, Jamie Strandboge wrote:

People wanting to fix this may want to more thoroughly look at the
patch[1]. After a cursory glance at it, I'm not sure it is enough:
1. it uses:
  if (strcmp(ptr, "get ") && strcmp(ptr, "gets ")) {

Why not use something like (*totally* untested):
  if (strncmp(ptr, "get ", 5) && strncmp(ptr, "gets ", 5)) {

just in case ptr is not NULL terminated? I haven't checked if this is an
actual issue, but it certainly wouldn't hurt. '5' should probably be
changed to something more reasonable.


FYI, looks like upstream decided to use strncmp after all:
http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719


-- 
Jamie Strandboge             | http://www.canonical.com

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

CVE request -- memcached Jamie Strandboge (Apr 08)
- Re: CVE request -- memcached Jamie Strandboge (Apr 08)
- Re: CVE request -- memcached Josh Bressers (Apr 08)