Closed Bug 352556 Opened 18 years ago Closed 11 years ago

buffer overflow for installcleanup [@ strcpy - main] regFilePath argument length isn't checked

Categories

(Core Graveyard :: Installer: XPInstall Engine, defect)

x86
SunOS
defect
Not set
trivial

Tracking

(Not tracked)

RESOLVED FIXED
mozilla2.0

People

(Reporter: timeless, Assigned: mossop)

Details

(Keywords: crash)

Crash Data

I'm not going to credit coverity or klocwork or the even older tool that netscape ran whose name i can't remember or dreftool.

i actually used installcleanupunix as an interview question for a couple of years because it was a good example of bad code which let me see how people debugged simple problems (it was a real eye opener to see how people approached it), and one of the interviewees spotted this gem (there were actually a couple of other gems in this file too, i can't remember if this is the last interesting one).

installcleanup should not be running as root so nothing interesting should happen. and certainly it should never be suid.

the general program flow for installcleanup is that the old mozilla installer (which i believe isn't really used much anymore) would run it.
Assignee: xpi-engine → nobody
QA Contact: xpi-engine
Crash Signature: [@ strcpy - main]
The code containing the bugs was removed from mozilla-central in 6e65d9a3ce0f (bug 406807).
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Assignee: nobody → dtownsend+bugmail
Depends on: 406807
Target Milestone: --- → mozilla2.0
Product: Core → Core Graveyard
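
The pattern named in the bug summary (an unchecked `strcpy` of a command-line argument into `regFilePath` in `main`), shown with a length-checked replacement. This is an added example, not the removed Mozilla source; `REG_PATH_MAX`, its value and `copy_reg_file_path` are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define REG_PATH_MAX 1024 /* assumed size; the original buffer size is not on this page */

/* Unchecked form described by the summary:
 *     char regFilePath[REG_PATH_MAX];
 *     strcpy(regFilePath, argv[1]);
 * Any argument of REG_PATH_MAX bytes or more writes past the end of the buffer. */

/* Checked copy (hypothetical helper). Returns 0 on success, -1 with errno set
 * when an argument is invalid or src plus its terminating NUL does not fit.
 * It refuses instead of truncating, because a truncated path can name a
 * different file than the one the caller passed. */
static int copy_reg_file_path(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || dst_size == 0 || src == NULL) {
        errno = EINVAL;
        return -1;
    }
    len = strlen(src);
    if (len >= dst_size) {      /* no room for the string and its NUL */
        dst[0] = '\0';          /* leave dst as a valid empty string */
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, src, len + 1);  /* length verified above; copies the NUL too */
    return 0;
}

int main(int argc, char **argv)
{
    char regFilePath[REG_PATH_MAX];
    const char *prog = (argc > 0 && argv[0] != NULL) ? argv[0] : "installcleanup";

    if (argc < 2 ||
        copy_reg_file_path(regFilePath, sizeof regFilePath, argv[1]) != 0) {
        fprintf(stderr, "usage: %s <registry-file> (path under %d bytes)\n",
                prog, REG_PATH_MAX);
        return 1;
    }
    printf("registry file: %s\n", regFilePath);
    return 0;
}
```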