This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug dynamic-link/14839] New: Access behind terminating nullbyte of the environment?

From: "jannhorn at googlemail dot com" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sources dot redhat dot com
Date: Tue, 13 Nov 2012 22:40:04 +0000
Subject: [Bug dynamic-link/14839] New: Access behind terminating nullbyte of the environment?
Auto-submitted: auto-generated

http://sourceware.org/bugzilla/show_bug.cgi?id=14839

             Bug #: 14839
           Summary: Access behind terminating nullbyte of the environment?
           Product: glibc
           Version: 2.13
            Status: NEW
          Severity: minor
          Priority: P2
         Component: dynamic-link
        AssignedTo: unassigned@sourceware.org
        ReportedBy: jannhorn@googlemail.com
    Classification: Unclassified


>From rtld.c:

    case 10:
      /* Mask for the important hardware capabilities.  */
      if (memcmp (envline, "HWCAP_MASK", 10) == 0)
        GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
                              0, 0);

As far as I can see, there is no check that makes sure that the tenth byte
isn't already the terminating nullbyte.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

Follow-Ups:
- [Bug dynamic-link/14839] Access behind terminating nullbyte of the environment?
  - From: jannhorn at googlemail dot com

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]