This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug libc/14752] New: Unsafe use of alloca in shm_open


http://sourceware.org/bugzilla/show_bug.cgi?id=14752

             Bug #: 14752
           Summary: Unsafe use of alloca in shm_open
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: unassigned@sourceware.org
        ReportedBy: bugdal@aerifal.cx
                CC: drepper.fsp@gmail.com
    Classification: Unclassified


shm_open passes an arbitrarily-large value resulting from strlen to alloca,
resulting in stack overflow. As there is no interface for supporting
"directories" of shared memory, it makes sense to just bound the length by
NAME_MAX and return an error if the input name is longer. Then a safe
fixed-size buffer can be used.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]