View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009286 | GNUnet | util library | public | 2024-10-21 15:51 | 2024-10-23 13:19 |
Reporter | fefe | Assigned To | | | |
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | | |
Target Version | 0.22.2 | | | | |
Summary | 0009286: GNUNET_asprintf: don't call vsprintf | | | | |
Description:

```c
int
GNUNET_asprintf (char **buf,
                 const char *format,
                 ...)
{
  int ret;
  va_list args;

  va_start (args,
            format);
  ret = vsnprintf (NULL,
                   0,
                   format,
                   args);
  va_end (args);
  GNUNET_assert (ret >= 0);
  *buf = GNUNET_malloc (ret + 1);
  va_start (args, format);
  ret = vsprintf (*buf,
                  format,
                  args);
  va_end (args);
  return ret;
}
```

It is possible to construct a format string that will cause the resulting length to cause overflow in vsnprintf. As a defense in depth measure, don't call vsprintf but vsnprintf.

Tags | No tags attached. | | | | |
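
The change the report asks for, written as a stand-alone added example (not GNUnet's code and not a patch from this tracker): the second pass uses `vsnprintf` capped at the allocated size, and the call fails closed if the two passes disagree. The names `bounded_asprintf`, `fill_bounded` and `vfill_bounded` are hypothetical, and plain `malloc` stands in for `GNUNET_malloc`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Bounded write: never stores more than cap bytes in dst.
   Returns the length written, or -1 on error or truncation. */
static int vfill_bounded(char *dst, size_t cap, const char *format, va_list args)
{
  int ret = vsnprintf(dst, cap, format, args);
  return (ret < 0 || (size_t) ret >= cap) ? -1 : ret;
}

/* Variadic wrapper so the bounded pass can be exercised on its own. */
int fill_bounded(char *dst, size_t cap, const char *format, ...)
{
  va_list args;
  va_start(args, format);
  int ret = vfill_bounded(dst, cap, format, args);
  va_end(args);
  return ret;
}

/* Hypothetical helper (not GNUnet's API): returns the length, or -1 with
   *buf == NULL if measuring, allocating or writing fails. */
int bounded_asprintf(char **buf, const char *format, ...)
{
  va_list args;
  *buf = NULL;
  va_start(args, format);
  int need = vsnprintf(NULL, 0, format, args); /* pass 1: measure only */
  va_end(args);
  if (need < 0)
    return -1;
  size_t cap = (size_t) need + 1;              /* size_t math, no int overflow */
  *buf = malloc(cap);
  if (*buf == NULL)
    return -1;
  va_start(args, format);
  int ret = vfill_bounded(*buf, cap, format, args); /* pass 2: capped at cap */
  va_end(args);
  if (ret != need) {                           /* passes disagree: fail closed */
    free(*buf);
    *buf = NULL;
    return -1;
  }
  return ret;
}
```

If the length measured in the first pass is stale by the time of the second pass, the capped call truncates inside the allocation and the function reports an error instead of writing past the buffer.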