Closed
Bug 352556
Opened 18 years ago
Closed 11 years ago
buffer overflow for installcleanup [@ strcpy - main] regFilePath argument length isn't checked
Categories
(Core Graveyard :: Installer: XPInstall Engine, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla2.0
People
(Reporter: timeless, Assigned: mossop)
References
()
Details
(Keywords: crash)
Crash Data
I'm not going to credit coverity or klocwork or the even older tool that netscape ran whose name i can't remember or dreftool. i actually used installcleanupunix as an interview question for a couple of years because it was a good example of bad code which let me see how people debugged simple problems (it was a real eye opener to see how people approached it), and one of the interviewees spotted this gem (there were actually a couple of other gems in this file too, i can't remember if this is the last interesting one). installcleanup should not be running as root so nothing interesting should happen. and certainly it should never be suid. the general program flow for installcleanup is that the old mozilla installer (which i believe isn't really used much anymore) would run it.
Updated•15 years ago
|
Assignee: xpi-engine → nobody
QA Contact: xpi-engine
Updated•13 years ago
|
Crash Signature: [@ strcpy - main]
Comment 1•11 years ago
|
||
The code containing the bugs was removed from mozilla-central in 6e65d9a3ce0f (bug 406807).
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
Updated•9 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•