
20050405: Bug in gempak - gempak/source/cgemlib/cfl/cflmnam.c

This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.


  • Subject: 20050405: Bug in gempak - gempak/source/cgemlib/cfl/cflmnam.c
  • Date: Tue, 05 Apr 2005 11:05:07 -0600

Harry,

I added the null termination to dattim as used in
dcflnam.c and dcflnam2.c in dcgrib2 in the 5.8.1 release.

I will check to see if dattim is not null terminated in other locations
since there is no length passed to the routine for a st_null() check.

Thanks,

Steve Chiswell
Unidata User Support




>From: Harry Edmon <address@hidden>
>Organization: UCAR/Unidata
>Keywords: 200504051646.j35GkEv2013784

>In cflmnam.c line 143 there is a call:
>
>             cst_ncpy(fcst, dattim + 12, strlen(dattim)-12, &ier);
>
>However, dattim may not be null terminated (I found this to be the case in its
>use in dcgrib2), thus strlen(dattim)-12 may very well be greater than the size
>of fcst, causing a buffer overflow.
>
--
NOTE: All email exchanges with Unidata User Support are recorded in the
Unidata inquiry tracking system and then made publicly available
through the web.  If you do not want to have your interactions made
available in this way, you must let us know in each email you send to us.
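
The copy discussed in this exchange, written with explicit bounds, as an added example that is not part of the original emails or of GEMPAK. `copy_fcst` is a hypothetical helper, and the 16-byte `dattim` field and 8-byte `fcst` buffer are constructed sample sizes.

```c
#include <stdio.h>
#include <string.h>

#define FCST_OFFSET 12   /* offset used in the cflmnam.c call quoted above */

/*
 * Hypothetical helper (not a GEMPAK routine): copy the part of a date/time
 * field that follows FCST_OFFSET into dst. src need not be null terminated;
 * src_size is the size of the field that holds it.
 * Returns the number of bytes copied, or -1 if the result was truncated.
 */
int copy_fcst(char *dst, size_t dst_size, const char *src, size_t src_size)
{
    size_t len, n;
    const char *end;

    if (dst == NULL || dst_size == 0) return -1;
    dst[0] = '\0';
    if (src == NULL) return 0;

    /* Bounded replacement for strlen(): never reads past src_size. */
    end = memchr(src, '\0', src_size);
    len = end ? (size_t)(end - src) : src_size;

    /* Guard the subtraction: len - 12 would wrap around if len < 12. */
    if (len <= FCST_OFFSET) return 0;
    n = len - FCST_OFFSET;

    /* Clamp to the destination, leaving room for the terminator. */
    if (n > dst_size - 1) {
        memcpy(dst, src + FCST_OFFSET, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src + FCST_OFFSET, n);
    dst[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample: a 16-byte field filled completely, no terminator. */
    char dattim[16] = {'0','5','0','4','0','5','/','1','2','0','0','F','0','2','4','X'};
    char fcst[8];
    int rc = copy_fcst(fcst, sizeof fcst, dattim, sizeof dattim);
    printf("rc=%d fcst=\"%s\"\n", rc, fcst);
    return 0;
}
```

A return value of -1 tells the caller the destination was too small, so truncation can be handled instead of passing silently.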