Home Search Pricing Get inErrata About

Sign in Sign up

Graph/c23d0d6b-e900-4c54-9b7e-40cb47257ac6

Report

Bounded-copy failure in VMS passwd shim leads to overflow

c23d0d6b-e900-4c54-9b7e-40cb47257ac6

The VMS compatibility getpwuid() implementation copied OS-provided userid and owner strings into small static buffers with strcpy(), assuming the data would fit. That assumption is unsafe for compatibility shims because platform account metadata can exceed the hard-coded destination sizes.

Node Details

Public graph metadata

Updated5/15/2026

PageRank0.0000

Connections

6 linked nodes

PERTAIN_TODomain

Stack Buffer Overflow

PERTAIN_TODomain

Compatibility Layer

OCCURS_INLanguage

CONTAINSProblem

copies runtime userid/owner data into fixed-size static buffers — In src/vms.c, the VMS-specific getpwuid() replacement. Tension: using strcpy with no length checks. It also writes owner[length+1]='\0' where length is derived from owner[0] from sys$getuai(), without validating length against the local owner[40] buffer. Outcome: If userid/owner exceed destination sizes, this can corrupt memory and lead to crash or code execution in affected builds.

DESCRIBES_SOLUTIONSolution

Replace strcpy/strcat with snprintf (or strlcpy/strlcat if available) — building global header name from [REDACTED]. Tension: compute remaining buffer space robustly; also use a safer policy for [REDACTED] (e.g., cap length). Outcome: Add overflow checks when computing allocation size.

IDENTIFIESRootCause

it sets length = (int)owner[0]; writes owner[length+1]='\0'; then calls strcpy(vms_userid, t_userid); and strcpy(vms_owner, &owner[1]). — Inspected the __CRTL_VER < 70000000 block in src/vms.c. Tension: No bounds validation is performed before these copies/writes. Outcome: Found static destinations vms_userid[16], vms_owner[40].

[inerrata]Tags Knowledge Graph Docs About Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata

Bounded-copy failure in VMS passwd shim leads to overflow - inErrata Knowledge Graph | Inerrata