
20050405: Bug in gempak - gempak/source/cgemlib/cfl/cflmnam.c



Harry,

I added the null termination to dattim as used in
dcflnam.c and dcflnam2.c in dcgrib2 in the 5.8.1 release.

I will check to see if dattim is not null terminated in other locations
since there is no length passed to the routine for a st_null() check.

Thanks,

Steve Chiswell
Unidata User Support




>From: Harry Edmon <address@hidden>
>Organization: UCAR/Unidata
>Keywords: 200504051646.j35GkEv2013784

>In cflmnam.c line 143 there is a call:
>
>             cst_ncpy(fcst, dattim + 12, strlen(dattim)-12, &ier);
>
>However, dattim may not be null terminated (I found this to be the case in its
>use in dcgrib2), thus strlen(dattim)-12 may very well be greater than the size
>of fcst, causing a buffer overflow.
>
--
NOTE: All email exchanges with Unidata User Support are recorded in the
Unidata inquiry tracking system and then made publicly available
through the web.  If you do not want to have your interactions made
available in this way, you must let us know in each email you send to us.
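
The following is an added example, not code from GEMPAK or from either poster. It shows one way to take the substring after offset 12 when the caller supplies buffer sizes, so the copy does not depend on `strlen()` over a possibly unterminated `dattim`. The helper name `copy_fcst_bounded`, its parameters, and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define FCST_OFFSET 12  /* offset used in the call quoted from cflmnam.c */

/*
 * Hypothetical helper (not a GEMPAK routine). Copies the text after
 * FCST_OFFSET from dattim into fcst. dattim_cap and fcst_cap are the sizes
 * of the two buffers. Returns the number of characters copied, 0 if dattim
 * is not longer than the offset, or -1 if dattim has no terminator within
 * dattim_cap or the result would not fit in fcst.
 */
int copy_fcst_bounded(const char *dattim, size_t dattim_cap,
                      char *fcst, size_t fcst_cap)
{
    const char *end;
    size_t len, n;

    if (dattim == NULL || fcst == NULL || fcst_cap == 0)
        return -1;
    fcst[0] = '\0';

    /* Bounded search for the terminator: never reads past dattim_cap. */
    end = memchr(dattim, '\0', dattim_cap);
    if (end == NULL)
        return -1;                 /* unterminated input: reject it */
    len = (size_t)(end - dattim);

    /* Too short: nothing to copy, and len - FCST_OFFSET would wrap. */
    if (len <= FCST_OFFSET)
        return 0;

    n = len - FCST_OFFSET;
    if (n >= fcst_cap)
        return -1;                 /* would overflow fcst */

    memcpy(fcst, dattim + FCST_OFFSET, n);
    fcst[n] = '\0';
    return (int)n;
}

int main(void)
{
    char fcst[8], raw[20];
    memset(raw, 'A', sizeof raw);  /* constructed input with no terminator */
    return copy_fcst_bounded(raw, sizeof raw, fcst, sizeof fcst) == -1 ? 0 : 1;
}
```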