From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 9337 invoked by alias); 26 Oct 2012 10:06:50 -0000 Received: (qmail 9223 invoked by uid 48); 26 Oct 2012 10:06:35 -0000 From: "fweimer at redhat dot com" To: glibc-bugs@sources.redhat.com Subject: [Bug stdio/14771] New: add length sanity check to snprintf Date: Fri, 26 Oct 2012 10:06:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: stdio X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: fweimer at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: fweimer at redhat dot com X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org X-SW-Source: 2012-10/txt/msg00244.txt.bz2 http://sourceware.org/bugzilla/show_bug.cgi?id=14771 Bug #: 14771 Summary: add length sanity check to snprintf Product: glibc Version: unspecified Status: NEW Severity: normal Priority: P2 Component: stdio AssignedTo: fweimer@redhat.com ReportedBy: fweimer@redhat.com Classification: Unclassified We should reject impossibly large size arguments for snprintf, vsprintf. This is similar to bug 13592. Passing (size_t)-1 to snprintf to emulate the sprintf behavior might actually be valid code, so this would have to be restricted to -D_FORTIFY_SOURCE mode. This is prompted by (CVE-2012-5671). -- Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.