This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: intl: Proof against invalid offset/length
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Daiki Ueno <ueno at gnu dot org>, bug-gettext at gnu dot org
- Cc: Jakub Wilk <jwilk at debian dot org>, libc-alpha at sourceware dot org
- Date: Wed, 11 Mar 2015 02:39:31 -0400
- Subject: Re: intl: Proof against invalid offset/length
- Authentication-results: sourceware.org; auth=none
- References: <m3oao06pj3 dot fsf-ueno at gnu dot org>
On 03/11/2015 02:01 AM, Daiki Ueno wrote:
> It is surprising that there are no checks of lengths/offsets read from
> MO files. Currently, I'm thinking of the attached patch (to gettext),
> which is a bit complicated. If anyone could suggest a cleaner approach,
> I'd appreciate it.
Why does it surprise you?
The MO files are writable only by root, so it's not a security issue
because if you could write to them you'd be root, and you'd have
full access to the system anyway.
The other alternative is that the filesystem is corrupted and loading
the MO file crashes your application. This is expected since the
filesystem is corrupted. You are suggesting we add some rather complex
checking for the possibly low probability case of a corrupted
filesystem. If the filesystem is corrupted other things will be failing
and you need to fix the corruption.
What strong technical reasons do you have for propsing these additional
checks?
Cheers,
Carlos.