This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug libc/22030] New: openpty, forkpty interface is prone to buffer overflows
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 29 Aug 2017 15:44:35 +0000
- Subject: [Bug libc/22030] New: openpty, forkpty interface is prone to buffer overflows
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=22030
Bug ID: 22030
Summary: openpty, forkpty interface is prone to buffer overflows
Product: glibc
Version: 2.26
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
CC: drepper.fsp at gmail dot com
Target Milestone: ---
The manual says this about openpty:
“
-- Function: int openpty (int *AMASTER, int *ASLAVE, char *NAME, const
struct termios *TERMP, const struct winsize *WINP)
[…]
If the argument NAME is not a null pointer, the file name of the slave
pseudo-terminal device is stored in ‘*name’.
”
The caller does not supply any information about the size of the buffer at
NAME, so it is conceivable that it ends up being too small.
forkpty has the same issue.
See bug 13385 for another issue with this interface.
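An added example, not part of the original bug report and not glibc code: one way for a caller to avoid the unsized write is to pass a null pointer for NAME and fetch the slave name with ttyname_r, which takes the buffer length and fails with ERANGE instead of overflowing. The wrapper name openpty_sized and its name_len parameter are hypothetical; older glibc releases may need -lutil to link openpty.

```c
#include <errno.h>
#include <pty.h>
#include <stddef.h>
#include <stdio.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical wrapper (not a glibc API): behaves like openpty, but the
   caller states the size of the NAME buffer.
   Returns 0 on success, -1 with errno set on failure. */
int openpty_sized(int *amaster, int *aslave, char *name, size_t name_len,
                  const struct termios *termp, const struct winsize *winp)
{
    int master, slave, err;

    if (amaster == NULL || aslave == NULL || (name != NULL && name_len == 0)) {
        errno = EINVAL;
        return -1;
    }
    /* NAME is NULL here, so openpty never writes through an unsized pointer. */
    if (openpty(&master, &slave, NULL, termp, winp) != 0)
        return -1;
    if (name != NULL) {
        /* ttyname_r returns an error number; ERANGE means the buffer is too small. */
        err = ttyname_r(slave, name, name_len);
        if (err != 0) {
            close(slave);       /* do not leak descriptors on failure */
            close(master);
            errno = err;
            return -1;
        }
    }
    *amaster = master;
    *aslave = slave;
    return 0;
}

int main(void)
{
    int master, slave;
    char name[64];              /* constructed size, chosen for the demo */

    if (openpty_sized(&master, &slave, name, sizeof name, NULL, NULL) != 0) {
        perror("openpty_sized");
        return 1;
    }
    printf("slave device: %s\n", name);
    close(slave);
    close(master);
    return 0;
}
```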