This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug nscd/16185] nscd/pwdcache.c (cache_addpw): Possible allocate DATASET outside of the stack if it's too large
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Fri, 13 Jun 2014 12:11:25 +0000
- Subject: [Bug nscd/16185] nscd/pwdcache.c (cache_addpw): Possible allocate DATASET outside of the stack if it's too large
- Auto-submitted: auto-generated
- References: <bug-16185-131 at http dot sourceware dot org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=16185
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security+
--- Comment #7 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to bathang from comment #0)
> #6 0x00007f6e4d30b7db in ___snprintf_chk (
> s=0x5466 <Address 0x5466 out of bounds>, maxlen=8063, flags=6,
> slen=18446744073709551615,
> format=0x626174697277206e <Address 0x626174697277206e out of bounds>)
> at snprintf_chk.c:36
"626174697277206E" decodes to "batirw n", so this does look like a buffer
overflow.
bathang, can you reproduce this? Could you set a breakpoint on this line:
char *buf = alloca (buf_len);
and print the values of key_len, buf_len, and the value of key?
--
You are receiving this mail because:
You are on the CC list for the bug.