This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] vfprint: validate nargs and argument-based offsets

From: Paul Eggert <eggert at cs dot ucla dot edu>
To: Kees Cook <kees at outflux dot net>
Cc: libc-alpha at sourceware dot org
Date: Mon, 05 Mar 2012 10:38:09 -0800
Subject: Re: [PATCH] vfprint: validate nargs and argument-based offsets
References: <20120302185346.GE3990@outflux.net> <20120305180923.74a20a8f@redhat.com> <20120305180608.GR3990@outflux.net>

On 03/05/2012 10:06 AM, Kees Cook wrote:
> Would anyone else prefer it over the current fix?

I'd rather not impose an arbitrary limit here.

Come to think of it, though, the current implementation
*does* impose a limit, which could be defined by something
like this:

  #define NL_ARGMAX (SIZE_MAX / bytes_per_arg)

where an actual constant is needed instead of the expression
(so that NL_ARGMAX can be used within #if).  If we do this,
we'd need to consider the limit in scanf too, since NL_ARGMAX
applies to both.  But this is a low-priority nicety, surely.

References:
- [PATCH] vfprint: validate nargs and argument-based offsets
  - From: Kees Cook
- Re: [PATCH] vfprint: validate nargs and argument-based offsets
  - From: Tomas Hoger
- Re: [PATCH] vfprint: validate nargs and argument-based offsets
  - From: Kees Cook

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]