This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug stdio/14771] New: add length sanity check to snprintf


http://sourceware.org/bugzilla/show_bug.cgi?id=14771

             Bug #: 14771
           Summary: add length sanity check to snprintf
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: stdio
        AssignedTo: fweimer@redhat.com
        ReportedBy: fweimer@redhat.com
    Classification: Unclassified


We should reject impossibly large size arguments for snprintf, vsprintf.  This
is similar to bug 13592.  Passing (size_t)-1 to snprintf to emulate the sprintf
behavior might actually be valid code, so this would have to be restricted to
-D_FORTIFY_SOURCE mode.

This is prompted by
<https://lists.exim.org/lurker/message/20121026.080330.74b9147b.en.html>
(CVE-2012-5671).

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]