This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [ping5][PATCH][BZ15362] Fix fwrite() reading beyond end of buffer in error path
- From: Siddhesh Poyarekar <siddhesh at redhat dot com>
- To: Allan McRae <allan at archlinux dot org>
- Cc: Siddhesh Poyarekar <siddhesh dot poyarekar at gmail dot com>, Andreas Schwab <schwab at linux-m68k dot org>, Eric Biggers <ebiggers3 at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>, carlos at redhat dot com, "Joseph S. Myers" <joseph at codesourcery dot com>, Andreas Jaeger <aj at suse dot com>, Roland McGrath <roland at hack dot frob dot com>
- Date: Tue, 15 Oct 2013 10:36:22 +0530
- Subject: Re: [ping5][PATCH][BZ15362] Fix fwrite() reading beyond end of buffer in error path
- Authentication-results: sourceware.org; auth=none
- References: <20130922020321 dot GA9977 at zzz dot kirk dot macalester dot edu> <CAAHN_R15-MSp65h=gNEimj14Aa0f24jvGJqswCZEhyh0foCZUw at mail dot gmail dot com> <87pprbuc11 dot fsf at igel dot home> <CAAHN_R0D2Wiizzg4Sog=xSbH3PNbddgbvQEy0Jwo3yPmFfwJ3g at mail dot gmail dot com> <5258725F dot 8040703 at archlinux dot org>
On Sat, Oct 12, 2013 at 07:49:19AM +1000, Allan McRae wrote:
> On 12/10/13 03:07, Siddhesh Poyarekar wrote:
> > On 11 October 2013 19:48, Andreas Schwab <schwab@linux-m68k.org> wrote:
> >> Just go ahead, nobody had objections.
> >
> > Thanks, I've pushed this now.
> >
>
> Does the potential information disclosure in this bug make it CVE worthy?
>
I'm not sure. It does allow reading beyond bounds of the input buffer
and possibly relaying that information into a file. However, this
would require causing the filesystem to return an error somehow and
that seems difficult. One could technically fill up the filesystem
and induce an error, but aren't quotas a defacto thing nowadays? The
other possibility may be bugs in the filesystem that may result in
spurious error return.
Siddhesh