Change #264066
| Category | libpcap |
| Changed by | Denis Ovsienko <denis@ovsienko.info> |
| Changed at | Wed 08 Apr 2026 19:02:32 |
| Repository | https://git.tcpdump.org/libpcap |
| Project | libpcap |
| Branch | master |
| Revision | a513eef4df577d4f3e201c896a29f479ca2614c6 |
Comments
Neutralize rpcap_doauth_userinfo(). asoticdin <dinasotic100@gmail.com> found that rpcap_doauth_userinfo() is subject to a stack buffer overflow because it ignores the buffer size whilst copying data into it: one time for 'username' and another for 'password'. The problem originated in commit 11303c1; it became smaller after commit f2ccd4b, but did not disappear. This feature has not been a part of a release, so disable it until it is clear how to resolve the problem.
Changed files
- CHANGES
- pcap-int.h
- pcap-rpcap.c
- pcap/pcap.h