[CalendarServer-changes] [3961] CalendarServer/trunk/calendarserver/platform/darwin/_sacl.c
source_changes at macosforge.org
source_changes at macosforge.org
Wed Apr 8 09:20:54 PDT 2009
Revision: 3961
http://trac.macosforge.org/projects/calendarserver/changeset/3961
Author: sagen at apple.com
Date: 2009-04-08 09:20:39 -0700 (Wed, 08 Apr 2009)
Log Message:
-----------
Don't allow buffer overflow
Modified Paths:
--------------
CalendarServer/trunk/calendarserver/platform/darwin/_sacl.c
Modified: CalendarServer/trunk/calendarserver/platform/darwin/_sacl.c
===================================================================
--- CalendarServer/trunk/calendarserver/platform/darwin/_sacl.c 2009-04-08 07:30:41 UTC (rev 3960)
+++ CalendarServer/trunk/calendarserver/platform/darwin/_sacl.c 2009-04-08 16:20:39 UTC (rev 3961)
@@ -43,6 +43,9 @@
// If the username is empty, see if there is a com.apple.access_<service>
// group
if ( usernameSize == 0 ) {
+ if ( strlen(serviceName) > 255 - strlen(prefix) ) {
+ return Py_BuildValue("i", (-3));
+ }
memcpy(groupName, prefix, strlen(prefix));
strcpy(groupName + strlen(prefix), serviceName);
if ( mbr_group_name_to_uuid(groupName, group_uu) == 0 ) {
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20090408/dc9bae29/attachment.html>
More information about the calendarserver-changes
mailing list