This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug network/18724] New: Harden put*ent functions against data injection
- From: "fweimer at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 27 Jul 2015 12:26:15 +0000
- Subject: [Bug network/18724] New: Harden put*ent functions against data injection
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=18724
Bug ID: 18724
Summary: Harden put*ent functions against data injection
Product: glibc
Version: 2.21
Status: NEW
Severity: normal
Priority: P2
Component: network
Assignee: fweimer at redhat dot com
Reporter: fweimer at redhat dot com
Target Milestone: ---
Flags: security-
putpwent, putspent and similar functions should check the values they write for
newlines and ':' characters to avoid data injection.
This is just hardening, no known security impact. Known callers of putpwent
implement the checks themselves.
--
You are receiving this mail because:
You are on the CC list for the bug.