[SERVER-12110] Potential buffer overflow in SSLManager::password_cb() due to strcpy() Created: 16/Dec/13 Updated: 11/Jul/16 Resolved: 19/Dec/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.5.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Matt Kangas | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | pull-request | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Fully Compatible |
| Operating System: | ALL |
| Participants: |
| Description |
|
First reported here: https://github.com/mongodb/mongo/pull/157 SSLManager::password_cb() is now in ssl_manager.cpp: https://github.com/mongodb/mongo/blame/master/src/mongo/util/net/ssl_manager.cpp#L441-L446
strcpy() bad! |
| Comments |
| Comment by Githook User [ 19/Dec/13 ] |
|
Author: {u'username': u'renctan', u'name': u'Randolph Tan', u'email': u'randolph@10gen.com'}Message: |
| Comment by Githook User [ 19/Dec/13 ] |
|
Author: {u'username': u'agralius', u'name': u'Andreas Nilsson', u'email': u'andreas.nilsson@10gen.com'}Message: |