fcaseopen.c buffer overflow #29
Description
Hi!
Whilst trying to open a file case-insensitively I came across a codebase that seemed to do the job. But clang's address sanitizer was having none of it! It turns out that there is an off by one error in the buffer size allocation of fcaseopen causing a null terminator to be strcpy'd into unmanaged memory. I reported the problem to the original project but I decided I'd also let everyone I could find who still had the vulnerability floating around copies of it know as well.
You can find more information about it here: OneSadCookie/fcaseopen#2
Thanks,
Aaron.