[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[netCDF #DOY-885966]: [PATCH] Vulnerability & fix in nc_inq_attname(), nc_inq_dimname() and nc_inq_varname(), and in nccopy.c/dumplib.c
This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
- Subject: [netCDF #DOY-885966]: [PATCH] Vulnerability & fix in nc_inq_attname(), nc_inq_dimname() and nc_inq_varname(), and in nccopy.c/dumplib.c
- Date: Tue, 08 Dec 2015 12:44:34 -0700
I took a quick look and have the following notes. 1. fix_nccopy_dumplib.patch seems right to me and we should apply it. Probably, we need to search the code as a whole to see if there are any other occurrences. 2. fix_NC_MAX_NAME_overflow.patch; Not sure about this. An alternative is to truncate the name to NC_MAX_NAME when it is copied out rather than cause an error. =Dennis Heimbigner Unidata Ticket Details =================== Ticket ID: DOY-885966 Department: Support netCDF Priority: Normal Status: Closed
- Prev by Date: [netCDF #UGE-205390]: nc-config with static libraries
- Next by Date: [netCDF #BUX-356656]: NetCDF3 versus NetCDF4 types
- Previous by thread: [netCDF #DOY-885966]: [PATCH] Vulnerability & fix in nc_inq_attname(), nc_inq_dimname() and nc_inq_varname(), and in nccopy.c/dumplib.c
- Next by thread: [netCDFJava #QZT-830117]: xmrg to grib1 or grib2?
- Index(es):