This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] vfprint: validate nargs and argument-based offsets
- From: Roland McGrath <roland at hack dot frob dot com>
- To: Kees Cook <keescook at chromium dot org>
- Cc: libc-alpha at sourceware dot org
- Date: Wed, 1 Feb 2012 13:26:40 -0800 (PST)
- Subject: Re: [PATCH] vfprint: validate nargs and argument-based offsets
- References: <20120131062756.GY4592@outflux.net>
> The nargs value can overflow when doing allocations, and argument-based
> offsets are not bounds-checked, allowing arbitrary memory writes via
> format strings, bypassing _FORTIFY_SOURCE protections:
> http://www.phrack.org/issues.html?issue=67&id=9
>
> This checks for nargs overflow and validates argument-based array offsets.
Seems like a good candidate for adding a test case that demonstrates the
problems.
> + /* Check for potential integer overflow. */
Two spaces after a period (here and below).
Thanks,
Roland
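As an added illustration of the two checks the patch description calls for (example code written for this archive page, not Kees's patch and not glibc's vfprintf; the per-argument slot size, the function names and the simplified `%N$` scan are assumptions), the nargs allocation size is rejected before it can wrap, and every positional reference is bounds-checked against nargs:

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-argument bookkeeping standing in for vfprintf's
   tables: two int arrays (type, size) plus a 16-byte value slot.  The
   slot size is an assumption, not the size of glibc's union printf_arg.  */
#define ARG_VALUE_SIZE 16
#define PER_ARG_BYTES (2 * sizeof (int) + ARG_VALUE_SIZE)

/* Bytes needed for NARGS argument slots.  Returns false with
   errno = EOVERFLOW instead of letting the multiplication wrap into a
   too-small allocation that later writes would overrun.  */
bool
args_alloc_size (size_t nargs, size_t *bytes)
{
  if (nargs > SIZE_MAX / PER_ARG_BYTES)
    {
      errno = EOVERFLOW;
      return false;
    }
  *bytes = nargs * PER_ARG_BYTES;
  return true;
}

/* Simplified scan of FMT for "%N$" (only digits directly after '%';
   positional width/precision forms are ignored here).  Returns false if
   any N is 0 or refers past the NARGS parsed arguments.  NARGS is
   assumed to have passed args_alloc_size, so n * 10 + 9 cannot wrap.  */
bool
positional_refs_in_bounds (const char *fmt, size_t nargs)
{
  for (const char *p = fmt; *p != '\0'; p++)
    {
      if (*p != '%')
        continue;
      if (p[1] == '%')          /* literal "%%", no argument */
        { p++; continue; }
      const char *q = p + 1;
      size_t n = 0;
      while (isdigit ((unsigned char) *q))
        {
          if (n <= nargs)       /* saturate once already out of range */
            n = n * 10 + (size_t) (*q - '0');
          q++;
        }
      if (*q == '$' && (n == 0 || n > nargs))
        return false;
    }
  return true;
}
```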