[avahi] Problem with avahi-test on Solaris

Padraig O'Briain Padraig.Obriain at Sun.COM
Tue Jul 11 00:15:55 PDT 2006

Lennart Poettering wrote:
> On Mon, 26.06.06 11:06, Padraig O'Briain (Padraig.Obriain at Sun.COM) wrote:
>> It is not clear to me how to do this. The problem occurs in
>> vsnprintf.
> It's definitely not easy to fix this in avahi_log_debug(), because
> you'd have to go through all the arguments and deduce from the format
> string if they are meant to be pointers. This sounds like a lot of
> work.
> Due to this I chose to merge Padraig's patch.
> However, I wonder if the whole story might become a DoS vulnerability
> in Avahi on Solaris, because we use avahi_log_debug() in many other
> places in avahi and expect the linuxish NULL handling. An attacker
> might be able to find a call where he can actually influence the
> pointer passed and hence cause avahi to segfault.
> I wonder if it would make more sense to copy the GLIBC version of
> vsnprintf into our sources and make use of it on architectures where
> the native vsnprintf is broken, such as Solaris.

The view on Solaris is that vsnprintf is not broken on Solaris but
passing NULL and expecting it to work is.

See http://www.opensolaris.org/jive/thread.jspa?threadID=10875&tstart=0

I am happy to "fix" the calls as I come across them while testing.


> Padraig, this is up to you, since you are our Solaris guy! ;-)
> Lennart
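The check discussed in this thread (walking the format string to find which arguments are `%s` pointers) can be run as a test-time probe, so that a NULL is caught on every platform instead of only where vsnprintf faults. This is an added example, not code from Avahi or from either poster; `null_string_arg` and `checked_snprintf` are hypothetical names, and the scanner models only the common conversions (s, p, c, integers with h/l/ll/z, f/e/g), rejecting anything else.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1: some %s argument is NULL; 0: none is; -1: conversion not modeled here. */
static int null_string_arg(const char *fmt, va_list ap) {
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                    /* literal "%%" */
        for (; *p && strchr("-+ #0123456789.*", *p); p++)  /* flags, width, precision */
            if (*p == '*') (void)va_arg(ap, int);     /* '*' consumes an int */
        int longs = 0, zmod = 0;
        for (;; p++) {                                /* length modifiers h, l, ll, z */
            if (*p == 'l') longs++;
            else if (*p == 'z') zmod = 1;
            else if (*p != 'h') break;
        }
        switch (*p) {
        case 's':
            if (longs) return -1;                     /* wide strings not modeled */
            if (va_arg(ap, const char *) == NULL) return 1;
            break;
        case 'p': (void)va_arg(ap, void *); break;
        case 'c': (void)va_arg(ap, int); break;
        case 'd': case 'i': case 'u': case 'x': case 'X': case 'o':
            if (zmod) (void)va_arg(ap, size_t);
            else if (longs > 1) (void)va_arg(ap, long long);
            else if (longs) (void)va_arg(ap, long);
            else (void)va_arg(ap, int);
            break;
        case 'f': case 'e': case 'g': (void)va_arg(ap, double); break;
        default: return -1;                           /* also a trailing '%' */
        }
    }
    return 0;
}

/* Hypothetical wrapper: formats only when the probe found no NULL %s. */
int checked_snprintf(char *buf, size_t n, const char *fmt, ...) {
    va_list ap, probe;
    va_start(ap, fmt);
    va_copy(probe, ap);
    int bad = null_string_arg(fmt, probe);
    va_end(probe);
    int r = bad ? snprintf(buf, n, "<rejected: %s>", bad > 0 ? "NULL %s argument" : "unmodeled format")
                : vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return bad ? -1 : r;
}
```

The probe works on a `va_copy` of the argument list, so the real `vsnprintf` call still sees the arguments from the start.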