This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: Fix nan functions handling of payload strings (bug 16961, bug 16962)
- From: Florian Weimer <fweimer at redhat dot com>
- To: Joseph Myers <joseph at codesourcery dot com>, libc-alpha at sourceware dot org
- Cc: carlos at redhat dot com
- Date: Mon, 30 Nov 2015 11:13:22 +0100
- References: <alpine dot DEB dot 2 dot 10 dot 1511270023120 dot 32583 at digraph dot polyomino dot org dot uk>
On 11/27/2015 01:26 AM, Joseph Myers wrote:
> Carlos, the NEWS entry is a consequence of what you said in
> <https://sourceware.org/ml/libc-alpha/2015-10/msg00776.html> about
> security+ bugs (such as this one, involving an unbounded stack
> allocation from what could theoretically be untrusted input) getting
> such entries. Does it seem right to you? Once the NEWS entry is
> resolved, I intend to commit this patch.
> +* The nan, nanf and nanl functions no longer have unbounded stack usage
> + depending on the length of the string passed as an argument to the
> + functions. Reported by Joseph Myers.
> +
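Review bot: The added NEWS entry, from its first line ("no longer have unbounded stack usage") onward, neither marks the item as a security fix nor cites a bug number, although the message describes the problem as an unbounded stack allocation from what could theoretically be untrusted input and the subject lists bug 16961 and bug 16962. Consider naming the relevant bug number in the entry and stating that the change is security-relevant, so that someone scanning NEWS for fixes to backport can identify it without reading the thread.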
I think reporters of security bugs want their bugs marked as security
bugs. This could be achieved by putting them into a separate section, or
adding a “SECURITY: ” prefix or something like that.
My attempts to secure CVE assignments for public glibc bugs have not
been successful so far. If we had CVE identifiers for security bugs,
that would serve as a useful marker as well.
Florian