
Re: [leafnode-list] [ANNOUNCE:] leafnode-1.9.12



krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Cornelius Krasel) writes:

>     rval = vsprintf(str, fmt, ap);
>     if ( strlen(str) > n ) {
>         syslog( LOG_NOTICE, "snprintf buffer overflow" );
>         str[n] = '\0';
>     }
>     va_end(ap);

DON'T DO THAT! 

While you MIGHT be able to detect the buffer overflow, there is absolutely
nothing your program should do besides raise(SIGKILL) or
kill(getpid(),SIGKILL). You may overwrite trampolines on the stack, you
may overwrite data, addresses, stack frames (munging the return address)
and so on. 

If using LGPL'd code is acceptable, get hold of libiberty (which is part
of gcc distributions) and rip its vasprintf/asprintf off, which
allocates the needed space; you will however need to free() the string
buffer after use.

-- 
Matthias Andree

                Where do you think you're going today?
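
The point above, as an added illustration in C (this is not leafnode's code and not code from either poster; the names bad_snprintf, safe_snprintf, alloc_sprintf and the helper functions are assumed for the example). bad_snprintf reproduces the quoted logic: vsprintf has already written every byte past the end by the time strlen() looks at the result. safe_snprintf uses vsnprintf, whose return value tells the caller the output was truncated without a single byte written past n. alloc_sprintf sizes the output with a NULL/0 vsnprintf pass and allocates, which is the asprintf idea implemented with plain C99 calls rather than libiberty's own vasprintf, so the caller must free() the result.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The approach from the quoted snippet (assumed reconstruction, not
 * leafnode's code): the unbounded write happens first, the check after. */
static int bad_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int rval;

    va_start(ap, fmt);
    rval = vsprintf(str, fmt, ap);      /* overflow already happened here */
    if (strlen(str) > n)                /* ...and is only noticed here    */
        str[n] = '\0';
    va_end(ap);
    return rval;
}

/* Bounded replacement: vsnprintf() writes at most n bytes including the
 * terminator.  A return value >= n means truncation; nothing past n is
 * touched, so the caller can enlarge, log, or bail out safely. */
static int safe_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int rval;

    va_start(ap, fmt);
    rval = vsnprintf(str, n, fmt, ap);
    va_end(ap);
    return rval;
}

/* Allocating formatter in the spirit of asprintf(): measure with a
 * NULL/0 pass, then format into a buffer that fits.  Implemented with
 * C99 vsnprintf() instead of libiberty's vasprintf(); caller free()s. */
static char *alloc_sprintf(const char *fmt, ...)
{
    va_list ap;
    int len;
    char *buf;

    va_start(ap, fmt);
    len = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (len < 0)
        return NULL;
    buf = malloc((size_t)len + 1);
    if (buf == NULL)
        return NULL;
    va_start(ap, fmt);
    vsnprintf(buf, (size_t)len + 1, fmt, ap);
    va_end(ap);
    return buf;
}

#define LOGICAL_SIZE 8
static const char sample[] = "this-is-twenty-chars";   /* constructed input, 20 chars */

/* How many bytes beyond the logical buffer size does the bad version
 * modify?  A large real backing array keeps this within defined
 * behaviour; in a real program those bytes are whatever follows the
 * buffer on the stack or heap (return addresses, other data). */
static int bytes_clobbered_past_n(void)
{
    unsigned char backing[128];
    int i, clobbered = 0;

    memset(backing, 0xAA, sizeof backing);
    bad_snprintf((char *)backing, LOGICAL_SIZE, "%s", sample);
    for (i = LOGICAL_SIZE; i < (int)sizeof backing; i++)
        if (backing[i] != 0xAA)
            clobbered++;
    return clobbered;
}

/* The bounded version reports the full length it wanted (20) while the
 * buffer holds only what fits ("this-is"); returns 1 on that outcome. */
static int safe_truncates_cleanly(void)
{
    char out[LOGICAL_SIZE];
    int rval = safe_snprintf(out, sizeof out, "%s", sample);
    return rval == 20 && strcmp(out, "this-is") == 0;
}

/* Length of an allocated result; the buffer is freed before returning. */
static int alloc_demo_len(void)
{
    char *s = alloc_sprintf("%s=%d", "port", 119);   /* "port=119" */
    int len = s ? (int)strlen(s) : -1;
    free(s);
    return len;
}

int main(void)
{
    printf("bad_snprintf clobbered %d bytes past the buffer\n", bytes_clobbered_past_n());
    printf("safe_snprintf truncated cleanly: %d\n", safe_truncates_cleanly());
    printf("alloc_sprintf result length: %d\n", alloc_demo_len());
    return 0;
}
```

The check in the first version is not wrong because of what it tests but because of when it runs: the damage is done before strlen() executes, which is why the reply says the only honest reaction at that point is to kill the process. The two replacements remove the problem rather than detecting it.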

-- 
leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list