This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
- From: Andreas Jaeger <aj at suse dot com>
- To: libc-alpha at sourceware dot org
- Date: Mon, 5 Mar 2012 10:36:23 +0100
- References: <20120302210640.GJ3990@outflux.net>
On Friday, March 02, 2012 22:06:40 Kees Cook wrote:
> The nargs value can overflow when doing allocations, allowing arbitrary
> memory writes via format strings, bypassing _FORTIFY_SOURCE:
> http://www.phrack.org/issues.html?issue=67&id=9
>
> This checks for nargs overflow and possibly allocates from heap instead
> of stack, and adds a regression test for the situation.
>
> Now with more errno setting. :)
>
> 2012-03-02 Kees Cook <keescook@chromium.org>
>
> [BZ #13656]
> * stdio-common/vfprintf.c (vfprintf): Check for nargs overflow and
> possibly allocate from heap instead of stack.
> * stdio-common/bug-vfprintf-nargs.c: New file.
> * stdio-common/Makefile (tests): Add nargs overflow test.
Thanks, this is ok now.
I committed it to trunk and added a glibc_2.15 mark to the bug report,
Andreas
--
Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
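
The class of check the quoted patch description refers to (reject an argument count whose table size would wrap, then choose stack or heap storage), sketched as an added example; this is not code from the patch or from glibc. The per-argument layout, the function names, the caller-supplied stack buffer and the use of EOVERFLOW are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical per-argument bookkeeping: two ints plus one value slot.
   The real glibc layout is not shown in this thread. */
union arg_value { long long ll; long double ld; void *p; };
#define BYTES_PER_ARG (2 * sizeof(int) + sizeof(union arg_value))

/* Unchecked form: the product silently wraps modulo SIZE_MAX + 1. */
size_t unchecked_size(size_t nargs) { return nargs * BYTES_PER_ARG; }

/* Checked form: divide before multiplying so the test itself cannot wrap.
   EOVERFLOW is an assumed errno choice. */
int checked_size(size_t nargs, size_t *bytes)
{
    if (nargs > SIZE_MAX / BYTES_PER_ARG) {
        errno = EOVERFLOW;
        return -1;
    }
    *bytes = nargs * BYTES_PER_ARG;
    return 0;
}

/* Use the caller's stack buffer when the tables fit, otherwise the heap.
   Returns NULL with errno set on overflow or allocation failure. */
void *get_arg_tables(size_t nargs, void *stackbuf, size_t stackbuf_len,
                     int *on_heap)
{
    size_t bytes;
    *on_heap = 0;
    if (checked_size(nargs, &bytes) != 0)
        return NULL;
    if (bytes <= stackbuf_len)
        return stackbuf;
    void *p = malloc(bytes);   /* caller frees when *on_heap is 1 */
    *on_heap = (p != NULL);
    return p;
}

int main(void)
{
    size_t huge = SIZE_MAX / BYTES_PER_ARG + 1;   /* constructed input */
    size_t bytes = 0;
    printf("unchecked: %zu args -> %zu bytes\n", huge, unchecked_size(huge));
    printf("checked:   rc=%d\n", checked_size(huge, &bytes));
    return 0;
}
```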