[avahi] Problem with avahi-test on Solaris

Lennart Poettering lennart at poettering.net
Sun Jul 9 14:41:56 PDT 2006


On Mon, 26.06.06 11:06, Padraig O'Briain (Padraig.Obriain at Sun.COM) wrote:

> It is not clear to me how to do this. The problem occurs in
> vsnprintf.

It's definitely not easy to fix this in avahi_log_debug(), because
you'd have to go through all the arguments and deduce from the format
string if they are meant to be pointers. This sounds like a lot of
work.

Due to this I chose to merge Padraig's patch.

However, I wonder if the whole story might become a DOS vulnerability
in Avahi on Solaris, because we use avahi_log_debug() in many other
places in avahi and expect the linuxish NULL handling. An attacker
might be able to find a call where he can actually influence the
pointer passed and hence cause avahi to segfault.

I wonder if it would make more sense to copy the GLIBC version of
vsnprintf into our sources and make use of it on architectures where
the native vsnprintf is broken, such as Solaris.

Padraig, this is up to you, since you are our Solaris guy! ;-)

Lennart

-- 
Lennart Poettering; lennart [at] poettering [dot] net
ICQ# 11060553; GPG 0x1A015CC4; http://0pointer.net/lennart/
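
A sketch of what walking the arguments by format string involves, as an added example that is not part of the original message and is not Avahi code: each directive is handed to the platform snprintf on its own, with a NULL `%s` argument replaced by "(null)" first. The names `null_safe_vsnprintf` and `null_safe_snprintf` are hypothetical, and only a subset of printf directives is handled; anything else is rejected.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Avahi code. Subset only: flags, numeric
 * width/precision, optional 'l', conversions s d i u x X c p %.
 * Returns the untruncated length like vsnprintf, or -1 for a directive
 * outside the subset ('*', %n, floats, %ls, ...). */
int null_safe_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap) {
    size_t out = 0;                        /* length of the complete output */
    while (*fmt) {
        if (*fmt != '%') {                 /* literal byte */
            if (out + 1 < size) buf[out] = *fmt;
            out++; fmt++; continue;
        }
        char spec[32], *dst = out < size ? buf + out : NULL;
        size_t room = out < size ? size - out : 0;
        size_t len = 1 + strspn(fmt + 1, "-+ #0123456789.");
        int n, is_long = fmt[len] == 'l';
        len += is_long;
        char conv = fmt[len++];
        if (!conv || len >= sizeof spec || (is_long && !strchr("diuxX", conv)))
            return -1;
        memcpy(spec, fmt, len); spec[len] = '\0'; fmt += len;
#define EMIT(arg) snprintf(dst, room, spec, (arg))
        switch (conv) {
        case 's': { const char *s = va_arg(ap, const char *);
                    n = EMIT(s ? s : "(null)"); break; }  /* the NULL fix */
        case 'd': case 'i':
            n = is_long ? EMIT(va_arg(ap, long)) : EMIT(va_arg(ap, int)); break;
        case 'u': case 'x': case 'X':
            n = is_long ? EMIT(va_arg(ap, unsigned long))
                        : EMIT(va_arg(ap, unsigned)); break;
        case 'c': n = EMIT(va_arg(ap, int)); break;
        case 'p': n = EMIT(va_arg(ap, void *)); break;
        case '%': n = snprintf(dst, room, "%%"); break;
        default:  return -1;
        }
        if (n < 0) return -1;
        out += (size_t)n;
    }
    if (size) buf[out < size ? out : size - 1] = '\0';
    return (int)out;
}

int null_safe_snprintf(char *buf, size_t size, const char *fmt, ...) {
    va_list ap; va_start(ap, fmt);
    int n = null_safe_vsnprintf(buf, size, fmt, ap);
    va_end(ap); return n;
}
```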