public inbox for glibc-bugs@sourceware.org
* [Bug libc/4344] New: ldconfig off-by-off-by-one alloca for sprintf
@ 2007-04-11 1:54 davea42 at earthlink dot net
2007-04-13 19:53 ` [Bug libc/4344] " cvs-commit at gcc dot gnu dot org
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: davea42 at earthlink dot net @ 2007-04-11 1:54 UTC (permalink / raw)
To: glibc-bugs
elf/ldconfig.c has 2 off-by-off-by-one alloca for sprintf.
(still in 1.58 MAIN).
Independent of target/host/build.
For both of the sprintf below, the computation is
strlen() + strlen() +1. But needs +2 as one for / and one for
null terminator.
    len = strlen (direntry->d_name);
    /* Skip temporary files created by the prelink program.  Files with
       names like these are never really DSOs we want to look at.  */
    if (len >= sizeof (".#prelink#") - 1)
      {
        if (strcmp (direntry->d_name + len - sizeof (".#prelink#") + 1,
                    ".#prelink#") == 0)
          continue;
        if (len >= sizeof (".#prelink#.XXXXXX") - 1
            && memcmp (direntry->d_name + len - sizeof (".#prelink#.XXXXXX")
                       + 1, ".#prelink#.", sizeof (".#prelink#.") - 1) == 0)
          continue;
      }
    len += strlen (entry->path);
    if (len > file_name_len)
      {
        file_name_len = len + 1;
        file_name = alloca (file_name_len);
        if (!opt_chroot)
          real_file_name = file_name;
      }
    sprintf (file_name, "%s/%s", entry->path, direntry->d_name);
    if (opt_chroot)
      {
        len = strlen (dir_name) + strlen (direntry->d_name);
        if (len > real_file_name_len)
          {
            real_file_name_len = len + 1;
            real_file_name = alloca (real_file_name_len);
          }
        sprintf (real_file_name, "%s/%s", dir_name, direntry->d_name);
      }
--
Summary: ldconfig off-by-off-by-one alloca for sprintf
Product: glibc
Version: 2.4
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: davea42 at earthlink dot net
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=4344
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
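Added example, not part of the original report or of glibc: a stand-alone model of the sizing arithmetic in the excerpt above, comparing the reported computation with one that counts the separator and the terminator. The function names, the cached-capacity values and the sample path are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes sprintf (buf, "%s/%s", dir, name) stores, '/' and NUL included.  */
static size_t join_need (const char *dir, const char *name)
{
  return strlen (dir) + 1 + strlen (name) + 1;
}

/* Sizing as in the reported excerpt: grow to sum + 1 only if sum > cached.  */
static size_t reported_capacity (size_t cached, const char *dir, const char *name)
{
  size_t len = strlen (name) + strlen (dir);
  if (len > cached)
    cached = len + 1;
  return cached;
}

/* Sizing that counts the separator and the NUL before comparing.  */
static size_t corrected_capacity (size_t cached, const char *dir, const char *name)
{
  size_t len = join_need (dir, name);
  if (len > cached)
    cached = len;
  return cached;
}

/* Bytes written past a buffer of CAPACITY bytes (0 when the path fits).  */
static size_t overrun (size_t capacity, const char *dir, const char *name)
{
  size_t need = join_need (dir, name);
  return need > capacity ? need - capacity : 0;
}

/* Bounded join: 0 on success, -1 when the result would not fit.  */
static int join_path (char *buf, size_t cap, const char *dir, const char *name)
{
  int n = snprintf (buf, cap, "%s/%s", dir, name);
  return (n < 0 || (size_t) n >= cap) ? -1 : 0;
}

int main (void)
{
  const char *dir = "/usr/lib", *name = "libfoo.so.1";  /* constructed sample */
  char buf[21];
  printf ("fresh buffer short by %zu\n", overrun (reported_capacity (0, dir, name), dir, name));
  printf ("reused buffer short by %zu\n", overrun (reported_capacity (19, dir, name), dir, name));
  printf ("corrected short by %zu\n", overrun (corrected_capacity (19, dir, name), dir, name));
  return join_path (buf, sizeof buf, dir, name);
}
```

With a capacity of 19 carried over from an earlier entry and a 19-character sum, the reported comparison does not regrow the buffer, so the write ends 2 bytes past it; a freshly grown buffer is 1 byte short.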
* [Bug libc/4344] ldconfig off-by-off-by-one alloca for sprintf
From: cvs-commit at gcc dot gnu dot org @ 2007-04-13 19:53 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2007-04-13 20:53 -------
Subject: Bug 4344
CVSROOT: /cvs/glibc
Module name: libc
Changes by: jakub@sourceware.org 2007-04-13 20:53:20
Modified files:
. : ChangeLog
elf : ldconfig.c
Log message:
[BZ #4344]
* elf/ldconfig.c (search_dir): Fix 2 off-by-2 errors.
Reported by David Anderson <davea42@earthlink.net>.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&r1=1.10577&r2=1.10578
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/ldconfig.c.diff?cvsroot=glibc&r1=1.58&r2=1.59
--
http://sourceware.org/bugzilla/show_bug.cgi?id=4344
* [Bug libc/4344] ldconfig off-by-off-by-one alloca for sprintf
From: jakub at redhat dot com @ 2007-04-23 9:44 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From jakub at redhat dot com 2007-04-23 10:44 -------
Fixed in CVS.
--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED
http://sourceware.org/bugzilla/show_bug.cgi?id=4344
* [Bug libc/4344] ldconfig off-by-off-by-one alloca for sprintf
From: cvs-commit at gcc dot gnu dot org @ 2007-07-12 15:10 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From cvs-commit at gcc dot gnu dot org 2007-07-12 15:10 -------
Subject: Bug 4344
CVSROOT: /cvs/glibc
Module name: libc
Branch: glibc-2_5-branch
Changes by: jakub@sourceware.org 2007-07-12 15:09:50
Modified files:
. : ChangeLog
elf : ldconfig.c
Log message:
2007-04-13 Jakub Jelinek <jakub@redhat.com>
[BZ #4344]
* elf/ldconfig.c (search_dir): Fix 2 off-by-2 errors.
Reported by David Anderson <davea42@earthlink.net>.
Patches:
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/ChangeLog.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.10362.2.65&r2=1.10362.2.66
http://sourceware.org/cgi-bin/cvsweb.cgi/libc/elf/ldconfig.c.diff?cvsroot=glibc&only_with_tag=glibc-2_5-branch&r1=1.54&r2=1.54.2.1
--
http://sourceware.org/bugzilla/show_bug.cgi?id=4344