[Slirp] [PATCH 0/6] snprintf() vulnerabilities
Philippe Mathieu-Daudé
philmd at redhat.com
Mon Jan 27 15:35:55 UTC 2020
Cc'ing Daniel, David and Laszlo who I Cc'ed in patch #1/6.

On 1/27/20 10:24 AM, marcandre.lureau at redhat.com wrote:
> From: Marc-André Lureau <marcandre.lureau at redhat.com>
>
> Various calls to snprintf() in libslirp assume that snprintf() returns
> "only" the number of bytes written (excluding terminating NUL).
>
> Reported-by: Laszlo Ersek <lersek at redhat.com>
>
> Marc-André Lureau (6):
>   util: add slirp_fmt() helpers
>   dhcpv6: use slirp_fmt()
>   misc: use slirp_fmt0()
>   tftp: use slirp_fmt0()
>   tcp_ctl: use slirp_fmt()
>   tcp_emu: fix unsafe snprintf() usages
>
>  src/dhcpv6.c   | 13 +++++------
>  src/misc.c     | 12 +++++-----
>  src/tcp_subr.c | 49 +++++++++++++++++++--------------------
>  src/tftp.c     |  8 ++-----
>  src/util.c     | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  src/util.h     |  3 +++
>  6 files changed, 102 insertions(+), 45 deletions(-)
>
Note to the reviewers: this series is already applied to libslirp/master,
so changes requested will have to be as new patches on top.

Is it possible to have GitLab send a notification to the list when a
series is merged? That would save reviewers some time.

Thanks,
Phil.
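
The return-value assumption described in the quoted cover letter, shown as an added example that is not part of the original thread and is not libslirp's code. `fmt_clamped()` is a hypothetical helper, and the 8-byte buffer and the input string are constructed for the demonstration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libslirp's code): format into buf and return the
 * number of bytes actually stored, excluding the NUL, so 0 <= ret < size. */
static int fmt_clamped(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {                 /* encoding error: leave an empty string */
        buf[0] = '\0';
        return 0;
    }
    return (size_t)n >= size ? (int)(size - 1) : n;
}

/* Unsafe pattern: the return value is taken as "bytes written". On
 * truncation it is the length the full output WOULD have had, so the
 * offset can land past the end of the buffer. */
static size_t offset_after_raw(char *buf, size_t size, const char *field)
{
    return (size_t)snprintf(buf, size, "%s;", field);
}

/* Same step with the clamped helper: the offset always stays inside buf. */
static size_t offset_after_clamped(char *buf, size_t size, const char *field)
{
    return (size_t)fmt_clamped(buf, size, "%s;", field);
}

int main(void)
{
    char buf[8];
    const char *field = "AAAAAAAAAAAA";          /* constructed 12-byte input */
    size_t raw = offset_after_raw(buf, sizeof(buf), field);
    size_t ok = offset_after_clamped(buf, sizeof(buf), field);
    /* sizeof(buf) - raw wraps around, so the "space left" looks enormous. */
    printf("raw offset %zu, space left %zu\n", raw, sizeof(buf) - raw);
    printf("clamped offset %zu, space left %zu\n", ok, sizeof(buf) - ok);
    return 0;
}
```
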