[GRASS-git] [OSGeo/grass] dec426: libgis/r.gwflow: fixed security vulnerabilities an...
Jaden Abrams
noreply at github.com
Sun Apr 7 06:00:05 PDT 2024
Branch: refs/heads/main
Home: https://github.com/OSGeo/grass
Commit: dec42666cac1d09a271a8544e425117a25526536
https://github.com/OSGeo/grass/commit/dec42666cac1d09a271a8544e425117a25526536
Author: Jaden Abrams <96440993+jadenabrams100 at users.noreply.github.com>
Date: 2024-04-07 (Sun, 07 Apr 2024)
Changed paths:
M lib/gis/error.c
M lib/gis/mapset_msc.c
M raster/r.gwflow/main.c
Log Message:
-----------
libgis/r.gwflow: fixed security vulnerabilities and weaknesses (#3549)
This fixes three vulnerabilities/weaknesses found with older scans of Coverity:
- Issue 1208372 in lib/gis/error.c concerns an unbounded read of an environment variable into memory. An attacker could overwrite the environment variable that is accessed by G__home() and exploit it to overflow the buf array.
- Issue 1501330 in lib/gis/mapset_msc.c concerns writing into an array that is not null terminated. If the path variable was not null terminated, the write could fill the whole array with data without a null terminator, causing trouble down the line.
- Issue 1207344 in raster/r.gwflow/main.c concerns a constant variable guarding dead code. This is not exactly a security vulnerability, but is a code quality issue I was able to easily fix.
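The first two issues in the log message (an environment value copied into a fixed buffer without a bound, and a copy that can leave its destination without a NUL terminator) share one defensive pattern, shown here as an added example. It is not code from the GRASS commit: the function names, the 16-byte buffer and the `.example` suffix are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Write "base/suffix" into dst. Returns 0, or -1 if it does not fit; dst is
 * then the empty string, never a silently truncated path. */
int join_bounded(char *dst, size_t dstlen, const char *base, const char *suffix)
{
    if (dstlen == 0)
        return -1;
    int n = snprintf(dst, dstlen, "%s/%s", base, suffix);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Environment values have no length limit: route them through the bounded
 * join instead of sprintf/strcpy. Returns -2 if var is unset. */
int path_from_env(char *dst, size_t dstlen, const char *var, const char *suffix)
{
    const char *val = getenv(var);
    if (dstlen > 0)
        dst[0] = '\0';
    return val ? join_bounded(dst, dstlen, val, suffix) : -2;
}

/* Copy from a possibly unterminated src (at most srcmax bytes) and always
 * terminate dst. Returns 0, or -1 if the copy had to be truncated. */
int copy_terminated(char *dst, size_t dstlen, const char *src, size_t srcmax)
{
    const char *end = memchr(src, '\0', srcmax);
    size_t n = end ? (size_t)(end - src) : srcmax;
    int rc = (n >= dstlen) ? -1 : 0;
    if (dstlen == 0)
        return -1;
    if (rc)
        n = dstlen - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return rc;
}

int main(void)
{
    char buf[16]; /* constructed: small on purpose so a long HOME is rejected */
    printf("%d [%s]\n", path_from_env(buf, sizeof buf, "HOME", ".example"), buf);
    return 0;
}
```

A caller should treat the non-zero return as an error rather than continue with the empty or shortened string.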