This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/22030] New: openpty, forkpty interface is prone to buffer overflows


https://sourceware.org/bugzilla/show_bug.cgi?id=22030

            Bug ID: 22030
           Summary: openpty, forkpty interface is prone to buffer
                    overflows
           Product: glibc
           Version: 2.26
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
                CC: drepper.fsp at gmail dot com
  Target Milestone: ---

The manual says this about openpty:

“
 -- Function: int openpty (int *AMASTER, int *ASLAVE, char *NAME, const
          struct termios *TERMP, const struct winsize *WINP)
[…]
If the argument NAME is not a null pointer, the file name of the slave
pseudo-terminal device is stored in ‘*name’.
”

The caller does not supply any information about the size of the buffer at
NAME, so it is conceivable that it ends up being too small.

forkpty has the same issue.

See bug 13385 for another issue with this interface.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
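
One way for a caller to avoid the unsized NAME buffer described in the report, shown as an added example that is not part of the original message or of glibc: pass NULL for NAME and fetch the slave path with ttyname_r, which takes the buffer length. The helper name open_pty_bounded is hypothetical; on glibc older than 2.34, openpty lives in libutil, so link with -lutil.

```c
/* Added example, not glibc code: open a pty without an unsized NAME buffer. */
#include <errno.h>
#include <pty.h>      /* openpty(); glibc < 2.34 needs -lutil */
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper. Returns 0 and fills name[0..name_len) on success;
   returns -1 with errno set (ERANGE if the path does not fit). */
int open_pty_bounded(int *master, int *slave, char *name, size_t name_len)
{
    int m, s, err;

    if (master == NULL || slave == NULL || name == NULL || name_len == 0) {
        errno = EINVAL;
        return -1;
    }
    name[0] = '\0';
    /* NAME == NULL: openpty() writes no path anywhere. */
    if (openpty(&m, &s, NULL, NULL, NULL) != 0)
        return -1;

    /* ttyname_r() is told the buffer length and reports ERANGE rather
       than writing past the end. It returns an error number, not -1. */
    err = ttyname_r(s, name, name_len);
    if (err != 0) {
        close(s);
        close(m);
        name[0] = '\0';
        errno = err;
        return -1;
    }
    *master = m;
    *slave = s;
    return 0;
}

int main(void)
{
    char name[64];
    int m, s;
    if (open_pty_bounded(&m, &s, name, sizeof name) != 0) {
        perror("open_pty_bounded");
        return 1;
    }
    printf("slave device: %s\n", name);
    close(s);
    close(m);
    return 0;
}
```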
