public inbox for glibc-bugs@sourceware.org
* [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
       [not found] <bug-11397-131@http.sourceware.org/bugzilla/>
@ 2014-06-30 18:27 ` fweimer at redhat dot com
  2014-06-30 18:28 ` jgeisler at cse dot taylor.edu
  1 sibling, 0 replies; 6+ messages in thread
From: fweimer at redhat dot com @ 2014-06-30 18:27 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=11397

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |fweimer at redhat dot com

-- 
You are receiving this mail because:
You are on the CC list for the bug.



* [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
  2010-03-18  3:25 [Bug libc/11397] New: calls to cuserid() can result in buffer overflows jgeisler at cse dot taylor dot edu
                   ` (2 preceding siblings ...)
  2010-03-18 15:55 ` jgeisler at cse dot taylor dot edu
@ 2010-03-24 23:03 ` drepper at redhat dot com
  3 siblings, 0 replies; 6+ messages in thread
From: drepper at redhat dot com @ 2010-03-24 23:03 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From drepper at redhat dot com  2010-03-24 23:03 -------
The only thing that counts in handling this issue is that the code increase is
kept minimal.  The function should never be used and therefore performance is
irrelevant.  I used the first proposed patch.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


http://sourceware.org/bugzilla/show_bug.cgi?id=11397


* [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
  2010-03-18  3:25 [Bug libc/11397] New: calls to cuserid() can result in buffer overflows jgeisler at cse dot taylor dot edu
  2010-03-18 12:14 ` [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows jgeisler at cse dot taylor dot edu
  2010-03-18 13:21 ` ldv at altlinux dot org
@ 2010-03-18 15:55 ` jgeisler at cse dot taylor dot edu
  2010-03-24 23:03 ` drepper at redhat dot com
  3 siblings, 0 replies; 6+ messages in thread
From: jgeisler at cse dot taylor dot edu @ 2010-03-18 15:55 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From jgeisler at cse dot taylor dot edu  2010-03-18 15:54 -------
That should be the same effect since strncpy() promises to zero fill any unused
portion of the array.

-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11397


* [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
  2010-03-18  3:25 [Bug libc/11397] New: calls to cuserid() can result in buffer overflows jgeisler at cse dot taylor dot edu
  2010-03-18 12:14 ` [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows jgeisler at cse dot taylor dot edu
@ 2010-03-18 13:21 ` ldv at altlinux dot org
  2010-03-18 15:55 ` jgeisler at cse dot taylor dot edu
  2010-03-24 23:03 ` drepper at redhat dot com
  3 siblings, 0 replies; 6+ messages in thread
From: ldv at altlinux dot org @ 2010-03-18 13:21 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From ldv at altlinux dot org  2010-03-18 13:21 -------
(In reply to comment #0)
> -  return strncpy (s, pwptr->pw_name, L_cuserid);
> +  s[L_cuserid - 1] = '\0';
> +  return strncpy (s, pwptr->pw_name, L_cuserid - 1);
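Review bot: In the two added lines, a login name of L_cuserid characters or more is silently truncated and the shortened string is returned as if it were the real name, so the caller cannot tell a cut-off name from a genuine one; consider checking the length of pwptr->pw_name before the copy and reporting failure when it does not fit. The terminator store itself is sound, since strncpy() with a bound of L_cuserid - 1 never writes the last byte of s.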

If any change is going to be made for this case, I suggest this one:

-  return strncpy (s, pwptr->pw_name, L_cuserid);
+  s[0] = '\0';
+  return strncat (s, pwptr->pw_name, L_cuserid - 1);
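Review bot: With strncat() in the last added line, the bytes of s after the terminator stay as the caller left them, whereas the strncpy() form zero-fills the array up to its bound; if that difference is intended, say so in a comment next to s[0] = '\0';, because the empty-string-then-strncat idiom is easy to misread as redundant. The bound L_cuserid - 1 is right, since strncat() writes at most that many bytes plus the terminating NUL.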



-- 


http://sourceware.org/bugzilla/show_bug.cgi?id=11397


* [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows
  2010-03-18  3:25 [Bug libc/11397] New: calls to cuserid() can result in buffer overflows jgeisler at cse dot taylor dot edu
@ 2010-03-18 12:14 ` jgeisler at cse dot taylor dot edu
  2010-03-18 13:21 ` ldv at altlinux dot org
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: jgeisler at cse dot taylor dot edu @ 2010-03-18 12:14 UTC (permalink / raw)
  To: glibc-bugs


------- Additional Comments From jgeisler at cse dot taylor dot edu  2010-03-18 12:14 -------
After a good night's sleep, I realized that the summary line was incorrectly
describing the problem.  cuserid() doesn't cause a buffer overflow, but since it
may not NUL-terminate a C-string, the code that uses the buffer may overrun the
array.  If the calling code isn't careful with size and expects the terminating
NUL (e.g., using strcpy() instead of strncpy()), then buffer overflows can occur.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|calls to cuserid() can      |calls to cuserid() can
                   |result in buffer overflows  |result in buffer overruns
                   |                            |and/or overflows


http://sourceware.org/bugzilla/show_bug.cgi?id=11397


end of thread, other threads:[~2014-06-30 18:28 UTC | newest]
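
The behaviour described in the 2010-03-18 12:14 comment, next to the two fixes proposed in the thread, as an added C example (not glibc source and not code posted by anyone in the thread). `DEMO_L_CUSERID` and the `copy_*` helper names are assumptions that stand in for `L_cuserid` and for the final copy step of `cuserid()`; the login names are constructed.

```c
/* Added illustration, not glibc source. DEMO_L_CUSERID stands in for
   L_cuserid; the copy_* helpers are hypothetical names. */
#include <stdio.h>
#include <string.h>

#define DEMO_L_CUSERID 9

/* Before the fix: a name of DEMO_L_CUSERID or more bytes fills the whole
   array and strncpy() writes no terminator. */
static char *copy_before(char *s, const char *name)
{
    return strncpy(s, name, DEMO_L_CUSERID);
}

/* First proposed patch: terminate, then copy at most size - 1 bytes. */
static char *copy_strncpy_fix(char *s, const char *name)
{
    s[DEMO_L_CUSERID - 1] = '\0';
    return strncpy(s, name, DEMO_L_CUSERID - 1);
}

/* Alternative from the thread: strncat() always appends a terminator. */
static char *copy_strncat_fix(char *s, const char *name)
{
    s[0] = '\0';
    return strncat(s, name, DEMO_L_CUSERID - 1);
}

/* Bounded check for a caller; never strlen() a buffer that may lack a NUL. */
static int is_terminated(const char *s)
{
    return memchr(s, '\0', DEMO_L_CUSERID) != NULL;
}

int main(void)
{
    const char *long_name = "constructed_login"; /* constructed, 17 bytes */
    char a[DEMO_L_CUSERID], b[DEMO_L_CUSERID], c[DEMO_L_CUSERID];

    memset(c, 'X', sizeof c);                    /* stale caller data */
    copy_before(a, long_name);
    copy_strncpy_fix(b, long_name);
    copy_strncat_fix(c, "bob");
    printf("before: terminated=%d\n", is_terminated(a));
    printf("strncpy fix: \"%s\"\n", b);
    printf("strncat fix: \"%s\", byte after NUL = '%c'\n", c, c[4]);
    return 0;
}
```

The short-name case shows where the two fixes differ: strncpy() zero-fills the rest of the array, while strncat() leaves the bytes after the terminator untouched.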

Thread overview: 6+ messages
     [not found] <bug-11397-131@http.sourceware.org/bugzilla/>
2014-06-30 18:27 ` [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows fweimer at redhat dot com
2014-06-30 18:28 ` jgeisler at cse dot taylor.edu
2010-03-18  3:25 [Bug libc/11397] New: calls to cuserid() can result in buffer overflows jgeisler at cse dot taylor dot edu
2010-03-18 12:14 ` [Bug libc/11397] calls to cuserid() can result in buffer overruns and/or overflows jgeisler at cse dot taylor dot edu
2010-03-18 13:21 ` ldv at altlinux dot org
2010-03-18 15:55 ` jgeisler at cse dot taylor dot edu
2010-03-24 23:03 ` drepper at redhat dot com
