Bruno Menlo was doing some independent security research and discovered several reproducible crashes and one hang on the nyoci-plugtest-server program. One of the bugs was a buffer overflow due to the misuse of the nyoci_inbound_get_path() API by nyoci-plugtest-server, which is likely exploitable.
These changes address these bugs. However, I've determined that it is way too easy to misuse the nyoci_inbound_get_path() API, so I have changed it to include a maxlen parameter. Since this is an API change, I've incremented the configuration index. Any program which uses the NYOCI_LIBRARY_VERSION_CHECK() or nyoci_inbound_get_path() will need to be recompiled after this change.
Bruno Menlo was doing some independent security research and discovered several reproducible crashes and one hang on the
nyoci-plugtest-server
program. One of the bugs was a buffer overflow due to the misuse of thenyoci_inbound_get_path()
API bynyoci-plugtest-server
, which is likely exploitable.These changes address these bugs. However, I've determined that it is way too easy to misuse the
nyoci_inbound_get_path()
API, so I have changed it to include amaxlen
parameter. Since this is an API change, I've incremented the configuration index. Any program which uses theNYOCI_LIBRARY_VERSION_CHECK()
ornyoci_inbound_get_path()
will need to be recompiled after this change.Thanks Bruno for reporting this!