Open2300 - Bug Report 2014x 04x 01x 103514

BUG: Buffer Overflow with mysql password

Password struct in rw2300.h is defined as char mysql_passwd[25] If mysql password is set in the config file it gets copied over unconditionally without any check if it's longer than the allocated 25 bytes, thus leading to a buffer overflow.

Solution: check whether password in config file is longer than 25 chars. Exit with error if this is the case (as the DB connection will fail if it's shortened to 25 chars by using strncmp).

Incidentally, this will be a problem with all other configuration parameters as well.

Test case

Enter a MYSQL password longer than 25 chars in the config file


Open2300 version: 1.10
Shared libraries: mysql, postgresql
Server OS: kernel 3.2.0-60-generic
-- AxelEble - 01 Apr 2014

Follow up

Fix record

Topic revision: r1 - 01 Apr 2014, AxelEble
Copyright © 1999-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
This website only use harmless session cookies. See Cookie Policy for details. By using this website you accept the use of these cookies.