[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[netCDF #DOY-885966]: [PATCH] Vulnerability & fix in nc_inq_attname(), nc_inq_dimname() and nc_inq_varname(), and in nccopy.c/dumplib.c

Subject: [netCDF #DOY-885966]: [PATCH] Vulnerability & fix in nc_inq_attname(), nc_inq_dimname() and nc_inq_varname(), and in nccopy.c/dumplib.c
Date: Tue, 08 Dec 2015 12:44:34 -0700

I took a quick look and have the following notes.
1. fix_nccopy_dumplib.patch seems right to me and we should
   apply it. Probably, we need to search the code as a whole
   to see if there are any other occurrences.
2. fix_NC_MAX_NAME_overflow.patch;
   Not sure about this. An alternative is to truncate the name
   to NC_MAX_NAME when it is copied out rather than cause an error.

=Dennis Heimbigner
  Unidata


Ticket Details
===================
Ticket ID: DOY-885966
Department: Support netCDF
Priority: Normal
Status: Closed

Prev by Date: [netCDF #UGE-205390]: nc-config with static libraries
Next by Date: [netCDF #BUX-356656]: NetCDF3 versus NetCDF4 types
Previous by thread: [netCDF #DOY-885966]: [PATCH] Vulnerability & fix in nc_inq_attname(), nc_inq_dimname() and nc_inq_varname(), and in nccopy.c/dumplib.c
Next by thread: [netCDFJava #QZT-830117]: xmrg to grib1 or grib2?
Index(es):
- Date
- Thread