This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/14752] New: Unsafe use of alloca in shm_open
- From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: Mon, 22 Oct 2012 17:07:55 +0000
- Subject: [Bug libc/14752] New: Unsafe use of alloca in shm_open
- Auto-submitted: auto-generated
http://sourceware.org/bugzilla/show_bug.cgi?id=14752
Bug #: 14752
Summary: Unsafe use of alloca in shm_open
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: bugdal@aerifal.cx
CC: drepper.fsp@gmail.com
Classification: Unclassified
shm_open passes an arbitrarily-large value resulting from strlen to alloca,
resulting in stack overflow. As there is no interface for supporting
"directories" of shared memory, it makes sense to just bound the length by
NAME_MAX and return an error if the input name is longer. Then a safe
fixed-size buffer can be used.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.