OpenSolaris

Printable Version Enter a New Search
Bug ID 4704937
Synopsis SUNW_ip_rcm.so is sloppy with strings
State 10-Fix Delivered (Fix available in build)
Category:Subcategory network:ipmp
Keywords clearview | codesweep
Responsible Engineer Peter Memishian
Reported Against s10_10 , s10_35
Duplicate Of
Introduced In solaris_9
Commit to Fix snv_107
Fixed In snv_107
Release Fixed solaris_nevada(snv_107)
Related Bugs 4373331 , 4916091 , 4976595
Submit Date 19-June-2002
Last Update Date 28-January-2009
Description 
see comments
[ From the Comments, courtesy of Ed Pilatowicz ]

this bug is being filed from the security code sweep.
i've been going through rcm_daemon using the security code sweep tool
and while analyzing it's output for ip_rcm.c i found an assortment
of potential problems in the source.  most the problems center around
string manipulations.   the problems are things like strcpy's where the
destination buffer is smaller than the source buffer,  or also cases where
it's extremly difficult/impossible to verify if the destination bufer is
smaller than the source buffer.

while i can't see any way that these problems could be used as a
root exploit,  there are problems that could result in memory
corruption causing rcm_daemon to crash.
Work Around 
N/A
Comments 
N/A