View Issue Details

ID: 0009286
Project: GNUnet
Category: util library
View Status: public
Last Update: 2024-10-23 13:19
Reporter: fefe
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Target Version: 0.22.2
Summary: 0009286: GNUNET_asprintf: don't call vsprintf
Description:

    int
    GNUNET_asprintf (char **buf,
                     const char *format,
                     ...)
    {
      int ret;
      va_list args;

      va_start (args,
                format);
      ret = vsnprintf (NULL,
                       0,
                       format,
                       args);
      va_end (args);
      GNUNET_assert (ret >= 0);
      *buf = GNUNET_malloc (ret + 1);
      va_start (args, format);
      ret = vsprintf (*buf,
                      format,
                      args);
      va_end (args);
      return ret;
    }

It is possible to construct a format string that will cause the resulting length to cause overflow in vsnprintf.
As a defense in depth measure, don't call vsprintf but vsnprintf.
Tags: No tags attached.
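
A bounded two-pass variant of the pattern the report asks for, as an added example that is not GNUnet's code or the reporter's patch. The name `bounded_asprintf`, the use of plain `malloc`, and returning -1 on failure (instead of aborting as `GNUNET_assert` does) are assumptions made for illustration:

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not GNUnet code): two-pass asprintf in which the
   second pass is bounded by the size that was actually allocated. */
int
bounded_asprintf (char **buf, const char *format, ...)
{
  va_list args;
  int need;
  int ret;
  size_t size;

  *buf = NULL;
  va_start (args, format);
  need = vsnprintf (NULL, 0, format, args);    /* pass 1: measure only */
  va_end (args);
  if (need < 0)
    return -1;   /* error, e.g. POSIX EOVERFLOW when the result does not fit in int */
  size = (size_t) need + 1;   /* computed in size_t, so the +1 cannot overflow int */
  *buf = malloc (size);
  if (NULL == *buf)
    return -1;
  va_start (args, format);
  ret = vsnprintf (*buf, size, format, args);  /* pass 2: writes at most size bytes */
  va_end (args);
  if ((ret < 0) || ((size_t) ret >= size))
  {
    /* The passes disagreed on the length; the output would be truncated,
       so fail instead of returning a partial string. */
    free (*buf);
    *buf = NULL;
    return -1;
  }
  return ret;   /* number of characters written, excluding the terminating NUL */
}
```
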

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-10-21 15:51 fefe New Issue
2024-10-23 13:19 schanzen Target Version => 0.22.2