This is the mail archive of the mailing list for the glibc project.
Re: [PATCH 1/2] vfprintf: validate nargs and argument-based offsets
On Mon, Mar 05, 2012 at 10:36:23AM +0100, Andreas Jaeger wrote:
> On Friday, March 02, 2012 22:06:40 Kees Cook wrote:
> > The nargs value can overflow when doing allocations, allowing arbitrary
> > memory writes via format strings, bypassing _FORTIFY_SOURCE:
> > http://www.phrack.org/issues.html?issue=67&id=9
> > This checks for nargs overflow and possibly allocates from heap instead
> > of stack, and adds a regression test for the situation.
> > Now with more errno setting. :)
> > 2012-03-02 Kees Cook <email@example.com>
> > [BZ #13656]
> > * stdio-common/vfprintf.c (vfprintf): Check for nargs overflow and
> > possibly allocate from heap instead of stack.
> > * stdio-common/bug-vfprintf-nargs.c: New file.
> > * stdio-common/Makefile (tests): Add nargs overflow test.
> Thanks, this is ok now.
> I committed it to trunk and added a glibc_2.15 mark to the bug report,
Kees Cook @outflux.net
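The defect class and the fix the patch describes (an nargs multiplication that wraps when sizing the argument table, countered by an explicit overflow check plus a stack-or-heap decision) as an added illustration; this is not the committed vfprintf.c change, and `arg_slot`, `STACK_ARG_LIMIT`, and the function names are assumed stand-ins for glibc's real bookkeeping.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed stand-ins for glibc's per-argument bookkeeping, not the real layout. */
typedef struct { int type; long value; } arg_slot;
#define STACK_ARG_LIMIT 4096   /* assumed byte threshold above which the table leaves the stack */

enum arg_storage { ARG_OVERFLOW = -1, ARG_ON_STACK = 0, ARG_ON_HEAP = 1 };

/* The unsafe computation: size_t multiplication silently wraps, so a huge nargs can
   yield a tiny (even zero-byte) table that is later indexed up to nargs entries. */
size_t unchecked_table_bytes(size_t nargs, size_t entry_size)
{
    return nargs * entry_size;
}

/* Hardened version: reject any nargs whose table size would wrap, reporting it the way
   a libc call would (errno = EOVERFLOW, negative return). Otherwise decide whether the
   table is small enough for the stack or must be taken from the heap. */
int checked_table_bytes(size_t nargs, size_t entry_size, size_t *out_bytes)
{
    if (entry_size != 0 && nargs > SIZE_MAX / entry_size) {
        errno = EOVERFLOW;
        return ARG_OVERFLOW;
    }
    *out_bytes = nargs * entry_size;
    return *out_bytes <= STACK_ARG_LIMIT ? ARG_ON_STACK : ARG_ON_HEAP;
}

/* Obtain storage for nargs entries. stack_buf is a caller-supplied buffer of at least
   STACK_ARG_LIMIT bytes standing in for alloca; larger tables are malloc'd and must be
   handed back through release_args_table. Returns NULL on overflow or malloc failure. */
arg_slot *acquire_args_table(size_t nargs, arg_slot *stack_buf, int *storage)
{
    size_t bytes;
    *storage = checked_table_bytes(nargs, sizeof(arg_slot), &bytes);
    if (*storage == ARG_OVERFLOW)
        return NULL;
    if (*storage == ARG_ON_STACK)
        return stack_buf;
    return malloc(bytes);   /* malloc sets errno itself if it fails */
}

void release_args_table(arg_slot *table, int storage)
{
    if (storage == ARG_ON_HEAP)
        free(table);
}
```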