lib/58390: vis(3) and family should be async-signal-safe

To: lib-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: lib/58390: vis(3) and family should be async-signal-safe
From: campbell+netbsd%mumble.net@localhost
Date: Mon, 1 Jul 2024 22:55:01 +0000 (UTC)

>Number:         58390
>Category:       lib
>Synopsis:       vis(3) and family should be async-signal-safe
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Jul 01 22:55:01 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10, 9, ...
>Organization:
The\040NetBSD\040Foundation\012
>Environment:
>Description:
vis(3) is useful for formatting terminal-safe log messages of untrusted inputs, which is sometimes tempting and/or useful to do in signal handlers.

Most of the vis(3) functions, with the exception of stravis, place their output in a caller-allocated buffer, so there is no need for them to allocate storage.

They should be rewritten to avoid malloc so they can be safe to call in signal handlers.
>How-To-Repeat:
find a self-inflicted NetBSD-specific possible remote code execution vector in openssh (our local patches pass log messages through strnvis for some reason)
>Fix:
Yes, please!

Prev by Date: lib/58389: syslog_r should be async-signal-safe
Next by Date: PR/58352 CVS commit: src/external/gpl3/gcc
Previous by Thread: lib/58389: syslog_r should be async-signal-safe
Next by Thread: PR/58352 CVS commit: src/external/gpl3/gcc
Indexes:

Home | Main Index | Thread Index | Old Index