[Slirp] [PATCH 0/6] snprintf() vulnerabilities
marcandre.lureau at redhat.com
Mon Jan 27 09:24:08 UTC 2020
From: Marc-André Lureau <marcandre.lureau at redhat.com>

Various calls to snprintf() in libslirp assume that snprintf() returns
"only" the number of bytes written (excluding terminating NUL).

Reported-by: Laszlo Ersek <lersek at redhat.com>

Marc-André Lureau (6):
  util: add slirp_fmt() helpers
  dhcpv6: use slirp_fmt()
  misc: use slirp_fmt0()
  tftp: use slirp_fmt0()
  tcp_ctl: use slirp_fmt()
  tcp_emu: fix unsafe snprintf() usages

 src/dhcpv6.c   | 13 +++++------
 src/misc.c     | 12 +++++-----
 src/tcp_subr.c | 49 +++++++++++++++++++--------------------
 src/tftp.c     |  8 ++-----
 src/util.c     | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++
 src/util.h     |  3 +++
 6 files changed, 102 insertions(+), 45 deletions(-)

--
2.25.0.rc2.1.g09a9a1a997
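
The return-value assumption named in the cover letter, shown as an added example that is not part of the original message or of the libslirp patches: C99 snprintf() returns the length the complete output would have had, so after truncation the value is larger than the number of bytes stored. The names `naive_append`, `bounded_fmt` and `safe_append` are hypothetical, and `bounded_fmt` is an illustration of a clamping wrapper, not the series' slirp_fmt().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Unsafe pattern: the return value is used as "bytes stored". On truncation
 * snprintf() returns the length the full output would have had, so the
 * returned offset can exceed size. Precondition: off <= size. */
size_t naive_append(char *buf, size_t size, size_t off, const char *s)
{
    int n = snprintf(buf + off, size - off, "%s", s);
    return off + (size_t)n; /* BUG: may point past the end of buf */
}

/* Hypothetical helper: returns the bytes actually stored, excluding the NUL. */
size_t bounded_fmt(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {            /* output error: leave an empty string */
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n >= size ? size - 1 : (size_t)n; /* clamp on truncation */
}

/* Same append, but the offset can never move past size - 1. */
size_t safe_append(char *buf, size_t size, size_t off, const char *s)
{
    if (off >= size)
        return off;
    return off + bounded_fmt(buf + off, size - off, "%s", s);
}

int main(void)
{
    char a[8], b[8];
    const char *in = "0123456789ab"; /* constructed input, 12 bytes */

    printf("naive offset: %zu of %zu\n", naive_append(a, sizeof a, 0, in), sizeof a);
    printf("safe offset:  %zu of %zu\n", safe_append(b, sizeof b, 0, in), sizeof b);
    return 0;
}
```

A caller that feeds the naive offset into a later `buf + off` write or into `size - off` gets an out-of-bounds pointer or an unsigned underflow; the clamped offset keeps both within the buffer.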