[avahi] Problem with avahi-test on Solaris
Padraig O'Briain
Padraig.Obriain at Sun.COM
Tue Jul 11 00:15:55 PDT 2006
Lennart Poettering wrote:
> On Mon, 26.06.06 11:06, Padraig O'Briain (Padraig.Obriain at Sun.COM) wrote:
>
>
>> It is not clear to me how to do this. The problem occurs in
>> vsnprintf.
>>
>
> It's definitely not easy to fix this in avahi_log_debug(), because
> you'd have to go through all the arguments and deduce from the format
> string if they are meant to be pointers. This sounds like a lot of
> work.
>
> Due to this I chose to merge Padraig's patch.
>
> However, I wonder if the whole story might become a DOS vulnerability
> in Avahi on Solaris, because we use avahi_log_debug() in many other
> places in avahi and expect the linuxish NULL handling. An attacker
> might be able to find a call where he can actually influence the
> pointer passed and hence cause avahi to segfault.
>
> I wonder if it would make more sense to copy the GLIBC version of
> vsnprintf into our sources and make use of it on architectures where
> the native vsnprintf is broken, such as Solaris.
>
>
The view on Solaris is that vsnprintf is not broken on Solaris but
passing NULL and expecting it to work is.
See http://www.opensolaris.org/jive/thread.jspa?threadID=10875&tstart=0
I am happy to "fix" the calls as I come across them while testing.
Padraig
> Padraig, this is up to you, since you are our Solaris guy! ;-)
>
> Lennart
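The format-string walk discussed in the thread, as an added example (not Avahi's code and not the merged patch): a wrapper that formats one conversion at a time and substitutes "(null)" for a NULL `%s` argument, so the platform `snprintf` never dereferences it. The names `null_safe_vsnprintf` and `null_safe_snprintf` are hypothetical, and only the listed conversions are assumed to be needed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Avahi code: substitutes "(null)" for a NULL %s
 * argument. Supports %s %d %i %c %u %x %X %% (+flags/width/precision) only. */
int null_safe_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    size_t used = 0;
    if (size == 0) return -1;
    buf[0] = '\0';
    while (*fmt && used < size - 1) {
        size_t room = size - used, n = 0;
        char spec[32];
        int w;
        if (*fmt != '%') {                 /* literal run up to the next '%' */
            size_t len = strcspn(fmt, "%");
            w = snprintf(buf + used, room, "%.*s", (int)len, fmt);
            fmt += len;
        } else {
            spec[n++] = *fmt++;            /* copy "%", flags, width, precision */
            while (*fmt && strchr("-+ #0123456789.", *fmt) && n < sizeof spec - 2)
                spec[n++] = *fmt++;
            spec[n++] = *fmt; spec[n] = '\0';   /* conversion character (or NUL) */
            const char *s;
            switch (*fmt ? *fmt++ : 0) {
            case 's': s = va_arg(ap, const char *);
                      w = snprintf(buf + used, room, spec, s ? s : "(null)"); break;
            case 'd': case 'i': case 'c':
                      w = snprintf(buf + used, room, spec, va_arg(ap, int)); break;
            case 'u': case 'x': case 'X':
                      w = snprintf(buf + used, room, spec, va_arg(ap, unsigned)); break;
            case '%': w = snprintf(buf + used, room, "%%"); break;
            default:  return -1;           /* unsupported or dangling '%': refuse */
            }
        }
        if (w < 0) return -1;
        used += (size_t)w < room ? (size_t)w : room - 1;
    }
    return (int)used;                      /* characters stored, after truncation */
}

int null_safe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = null_safe_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return r;
}
```

Unlike `vsnprintf`, the return value is the number of characters actually stored, and an unsupported conversion such as `%ld` is rejected rather than guessed at, since a wrong guess would misread the remaining arguments.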