This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/18795] stpncpy fortification misses buffer lengths that are statically too large


https://sourceware.org/bugzilla/show_bug.cgi?id=18795

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

--- Comment #2 from Florian Weimer <fweimer at redhat dot com> ---
(In reply to Zack Weinberg from comment #0)
> This is arguably a security flaw, but I don't think it's serious enough to
> warrant the whole CVE dance - still, the patch (to follow) should probably
> be backported to all active branches.

Thanks for reporting this.

Just to be absolutely clear: The impact here is that a buffer size
specification which is a compile-time constant and which is too large results
in a lack of fortification.  The result can be an undetected buffer overflow if
the supplied input string argument is too large.

Backporting does not help directly because the bug is a macro.  After
recompilation, it will also introduce crashes into programs which at least
appeared to work fine before, so it is a fairly risky change.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
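
A small model of the dispatch problem described in comment #2, added here as an illustration; it is not glibc's code. The `flawed` condition, all helper names and the sample string are assumptions built from that description, and the checked copy returns NULL where the real fortified function would abort the process.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BOS_UNKNOWN ((size_t)-1)   /* "destination size not known at compile time" */
enum { DEST_SIZE = 8, ARENA_SIZE = 32 };
typedef char *(*copy_fn)(char *, const char *, size_t, int, size_t);

/* stpncpy semantics: copy at most n bytes, zero-pad, return the end of the string. */
static char *plain_stpncpy(char *d, const char *s, size_t n) {
    size_t i = 0;
    for (; i < n && s[i]; i++) d[i] = s[i];
    char *end = d + i;
    for (; i < n; i++) d[i] = '\0';
    return end;
}
/* Checked variant. The real one aborts the process; NULL keeps this model testable. */
static char *checked_stpncpy(char *d, const char *s, size_t n, size_t dlen) {
    return n > dlen ? NULL : plain_stpncpy(d, s, n);
}
/* Assumed shape of the flaw: a constant n larger than the known size skips the check. */
static char *flawed(char *d, const char *s, size_t n, int n_const, size_t bos) {
    if (bos != BOS_UNKNOWN && (!n_const || n <= bos))
        return checked_stpncpy(d, s, n, bos);
    return plain_stpncpy(d, s, n);
}
/* Corrected dispatch: whenever the destination size is known, always check. */
static char *fixed(char *d, const char *s, size_t n, int n_const, size_t bos) {
    (void)n_const;
    return bos != BOS_UNKNOWN ? checked_stpncpy(d, s, n, bos) : plain_stpncpy(d, s, n);
}
/* Copy into an 8-byte destination at the start of a 32-byte arena (n <= 32).
   Returns bytes written past the destination, or -1 if the copy was refused. */
static int bytes_past_dest(copy_fn copy, size_t n, int n_const) {
    char arena[ARENA_SIZE];
    int spilled = 0;
    memset(arena, 0x55, sizeof arena);
    if (!copy(arena, "constructed-input", n, n_const, DEST_SIZE))  /* constructed sample */
        return -1;
    for (size_t i = DEST_SIZE; i < ARENA_SIZE; i++)
        spilled += arena[i] != 0x55;
    return spilled;
}
int main(void) {
    printf("flawed, constant n=16: %d\n", bytes_past_dest(flawed, 16, 1));
    printf("flawed, runtime  n=16: %d\n", bytes_past_dest(flawed, 16, 0));
    printf("fixed,  constant n=16: %d\n", bytes_past_dest(fixed, 16, 1));
    return 0;
}
```

The refused copies in this model correspond to the crashes after recompilation that the comment warns about: code that silently wrote past the buffer now stops at the check.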

