This is the mail archive of the
mailing list for the glibc project.
[Bug locale/22029] New: iconv: gconv callback function mangling easily defeated
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Tue, 29 Aug 2017 14:23:30 +0000
- Subject: [Bug locale/22029] New: iconv: gconv callback function mangling easily defeated
- Auto-submitted: auto-generated
Bug ID: 22029
Summary: iconv: gconv callback function mangling easily
Assignee: unassigned at sourceware dot org
Reporter: fweimer at redhat dot com
Target Milestone: ---
Code like this (from wcsmbs/mbrtoc16.c:mbrtoc16) is problematic:
__gconv_fct fct = fcts->towc->__fct;
if (fcts->towc->__shlib_handle != NULL)
status = DL_CALL_FCT (fct, (fcts->towc, &data, &inbuf, endbuf,
NULL, &dummy, 0, 1));
An attacker might just set __shlib_handle to NULL to avoid the need for
mangling the function pointer.
(Flagging as security- because this is merely hardening.)
You are receiving this mail because:
You are on the CC list for the bug.