This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug network/18724] New: Harden put*ent functions against data injection


https://sourceware.org/bugzilla/show_bug.cgi?id=18724

            Bug ID: 18724
           Summary: Harden put*ent functions against data injection
           Product: glibc
           Version: 2.21
            Status: NEW
          Severity: normal
          Priority: P2
         Component: network
          Assignee: fweimer at redhat dot com
          Reporter: fweimer at redhat dot com
  Target Milestone: ---
             Flags: security-

putpwent, putspent and similar functions should check the values they write for
newlines and ':' characters to avoid data injection.

This is just hardening, no known security impact.  Known callers of putpwent
implement the checks themselves.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]