Abends in Arcserve 11.1r over runs buffer for memcpy

  • 3151903
  • 06-Oct-2006
  • 27-Apr-2012

Environment

Novell NetWare 6.5 Service Pack 5 (SP5)
Arcserve 11.1r with Service Pack 1

Situation

The server abends while running Arcserve when cron jobs run. Core dumps show that libc was making a callback into Arcserve to handle a perl script command line. Arcserve assumed that the buffer holding this command was larger than it actually was, which caused the abend in libc's memcpy function:
  memcpy
  arcserve.nlm
  _DoCallBack
  EstablishCallBackContext
  NWParseCommandEx
  NWParseCommand
  system
The count passed in ECX for the size of the copy was 80 longs, but the buffer itself was only 34 longs long; hence the abend. The buffer contained the command line for a perl script:
  936FBF74 70 65 72 6C 20 73 79 73-3A 2F 61 70 61 63 68 65 perl sys:/apache
  936FBF84 32 2F 62 69 6E 2F 72 6F-74 61 74 65 2E 70 6C 20 2/bin/rotate.pl
  936FBF94 73 79 73 3A 2F 61 70 61-63 68 65 32 2F 62 69 6E sys:/apache2/bin
  936FBFA4 2F 72 6F 74 61 74 65 2E-69 6E 69 20 2D 2D 6E 6F /rotate.ini --no
  936FBFB4 73 63 72 65 65 6E 00 00-34 34 34 34 50 E8 69 C0 screen..4444Phi@
  936FBFC4 FF FF 59 E9 E3 FD FF FF-8D 40 00 BF 64 20 00 00 ..Yic}...@.?d ..
  936FBFD4 8B 75 F0 B9 05 00 00 00-F3 A6 0F B6 56 FF 0F B6 .up9....s&.6V..6
  936FBFE4 47 FF 29 C2 85 D2 75 73-8B 45 F0 50 E8 FA FC FE G.)B.Rus.EpPhz|~
  936FBFF4 FF 59 83 7D E0 00 74 23-8B 45 0C C7 .Y.}`.t#.E.G
As the dump shows, this buffer is much smaller than 80 longs; Arcserve assumed it to be larger. CA needs to fix its code to check the size of the buffer before using memcpy to copy it.
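The fault pattern described above, and the bounds check the TID says the code needs, as an added C example. It is not code from the TID or from Arcserve: the 80 and 34 long sizes are the TID's, a long is assumed to be a 4-byte word, the command string is a constructed copy of the one in the dump, and every function name is hypothetical.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Sizes from the TID: the callee asked memcpy for 80 longs, but the command
 * buffer it was handed was only 34 longs. A NetWare "long" is taken here to
 * be a 32-bit word, so LONG_BYTES is 4 (an assumption, not stated in the TID). */
#define ASSUMED_LONGS 80
#define ACTUAL_LONGS  34
#define LONG_BYTES    4

/* Constructed sample, modelled on the command line visible in the dump. */
static const char SAMPLE_CMD[] =
    "perl sys:/apache2/bin/rotate.pl sys:/apache2/bin/rotate.ini --noscreen";

/* How many bytes past the end of a buffer of actual_longs would a copy of
 * assumed_longs read? Zero means the copy stays inside the buffer. This
 * reproduces the arithmetic of the fault without performing the copy. */
size_t overread_bytes(size_t assumed_longs, size_t actual_longs) {
    if (assumed_longs <= actual_longs) return 0;
    return (assumed_longs - actual_longs) * LONG_BYTES;
}

/* Hardened copy: the length is derived from the data and the real capacities,
 * never from what the callee assumes. At most src_cap bytes of src are read;
 * dst holds dst_cap bytes and is always NUL-terminated when dst_cap > 0.
 * Returns 0 on success, -1 if src has no terminator within src_cap bytes or
 * the command (with its NUL) does not fit in dst. */
int copy_command_bounded(char *dst, size_t dst_cap,
                         const char *src, size_t src_cap) {
    if (dst == NULL || dst_cap == 0 || src == NULL) return -1;
    dst[0] = '\0';
    /* Bounded scan for the terminator, so an unterminated source cannot make
     * us walk off the end of its buffer. */
    size_t len = 0;
    while (len < src_cap && src[len] != '\0') len++;
    if (len == src_cap) return -1;       /* no terminator inside the buffer */
    if (len + 1 > dst_cap) return -1;    /* would overflow the destination */
    memcpy(dst, src, len + 1);            /* length comes from the data, not an assumption */
    return 0;
}

/* Source buffer with no terminator: the bounded copy must refuse it. */
int rejects_unterminated(void) {
    char src[4] = { 'a', 'b', 'c', 'd' };
    char dst[8];
    return copy_command_bounded(dst, sizeof dst, src, sizeof src);
}

/* Exercise the arithmetic and the hardened copy on the constructed sample.
 * Returns 0 when every check holds. */
int demo(void) {
    char cmd_buf[ACTUAL_LONGS * LONG_BYTES];   /* 136 bytes, as in the dump */
    char dst[ASSUMED_LONGS * LONG_BYTES];      /* 320 bytes */
    if (copy_command_bounded(cmd_buf, sizeof cmd_buf, SAMPLE_CMD, sizeof SAMPLE_CMD) != 0)
        return -1;
    /* The unchecked pattern from the TID would read 46 longs (184 bytes)
     * beyond the end of cmd_buf. */
    size_t over = overread_bytes(ASSUMED_LONGS, ACTUAL_LONGS);
    /* The bounded copy succeeds without touching memory past cmd_buf. */
    int rc = copy_command_bounded(dst, sizeof dst, cmd_buf, sizeof cmd_buf);
    return (over == 184 && rc == 0 && strcmp(dst, SAMPLE_CMD) == 0) ? 0 : -1;
}

int main(void) {
    printf("%s\n", demo() == 0 ? "bounded copy ok" : "check failed");
    return 0;
}
```

The point of the bounded version is that the copy length is computed from the source data and the destination capacity that the caller passes in, so a wrong assumption inside the callee cannot turn into an out-of-bounds memcpy; an unterminated or oversized command is reported as an error instead of faulting.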

Resolution

CA has released a series of post-SP1 updates, dated July 2006, that address this problem. These updates include new arcserve.nlm modules, among other files.