Re: CVS commit: src/lib/libc/stdio

To: source-changes-d%netbsd.org@localhost
Subject: Re: CVS commit: src/lib/libc/stdio
From: NONAKA Kimihiro <nonakap%gmail.com@localhost>
Date: Sat, 18 Feb 2012 07:10:06 +0900

Hi,

2012/2/18 Christos Zoulas <christos%netbsd.org@localhost>:

> Module Name:    src
> Committed By:   christos
> Date:           Fri Feb 17 19:57:53 UTC 2012
>
> Modified Files:
>        src/lib/libc/stdio: vfwprintf.c
>
> Log Message:
> Fix: CVE-2012-0864 fprintf() positional argument abuse.
> Described in: http://www.phrack.org/issues.html?issue=67&id=9#article
> Reported by Stefan Cornelius / Red Hat Security Response Team
>
> - convert internal positional arguments bookkeeping from int to size_t
> - provide overflow protection in positional argument spec
> - convert loops to memset
> - fix memory leaks
> - limit positional argument stack offset to the number of arguments required
>  by the printf to avoid coredump from va_arg() exhaustion.

#   compile  libc/vfprintf.ln
CC=/usr/local/netbsd-tools/i386/bin/i686--netbsdelf-gcc
/usr/local/netbsd-tools/i386/bin/i686--netbsdelf-lint -chapbxzFS -w -X
272 -d /home/snapshot/20120217/root/i386/usr/include  -D_LIBC
-DLIBC_SCCS -DSYSLIBC_SCCS -D_REENTRANT -DHESIOD -DINET6 -DNLS -DYP
-I/usr/src/lib/libc/include -I/usr/src/lib/libc -I/usr/src/sys
-I/usr/src/lib/libc/compat/../locale -I/usr/src/lib/libc/compat/stdlib
-I/usr/src/lib/libc/compat/../stdlib
-I/usr/src/lib/libc/../../common/lib/libc/quad
-I/usr/src/lib/libc/../../common/lib/libc/string
-I/usr/src/lib/libc/../../common/lib/libc/arch/i386/string
-D__DBINTERFACE_PRIVATE -I/usr/src/libexec/ld.elf_so
-I/usr/src/lib/libc/dlfcn -I/usr/src/lib/libc/gdtoa -DNO_FENV_H
-I/usr/src/lib/libc/arch/i386/gdtoa -DWITH_RUNE -I/usr/src/lib/libc
-DPOSIX_MISTAKE -DCOMPAT__RES -DUSE_POLL -DPORTMAP -DWIDE_DOUBLE
-DALL_STATE -DUSG_COMPAT -D_FORTIFY_SOURCE=2    -i
/usr/src/lib/libc/stdio/vfprintf.c
/usr/src/lib/libc/stdio/vfwprintf.c(1934): warning: n unused in
function __grow_type_table [192]

*** Failed target:  vfprintf.ln
*** Failed command:
CC=/usr/local/netbsd-tools/i386/bin/i686--netbsdelf-gcc
/usr/local/netbsd-tools/i386/bin/i686--netbsdelf-lint -chapbxzFS -w -X
272 -d /home/snapshot/20120217/root/i386/usr/include -D_LIBC
-DLIBC_SCCS -DSYSLIBC_SCCS -D_REENTRANT -DHESIOD -DINET6 -DNLS -DYP
-I/usr/src/lib/libc/include -I/usr/src/lib/libc -I/usr/src/sys
-I/usr/src/lib/libc/compat/../locale -I/usr/src/lib/libc/compat/stdlib
-I/usr/src/lib/libc/compat/../stdlib
-I/usr/src/lib/libc/../../common/lib/libc/quad
-I/usr/src/lib/libc/../../common/lib/libc/string
-I/usr/src/lib/libc/../../common/lib/libc/arch/i386/string
-D__DBINTERFACE_PRIVATE -I/usr/src/libexec/ld.elf_so
-I/usr/src/lib/libc/dlfcn -I/usr/src/lib/libc/gdtoa -DNO_FENV_H
-I/usr/src/lib/libc/arch/i386/gdtoa -DWITH_RUNE -I/usr/src/lib/libc
-DPOSIX_MISTAKE -DCOMPAT__RES -DUSE_POLL -DPORTMAP -DWIDE_DOUBLE
-DALL_STATE -DUSG_COMPAT -D_FORTIFY_SOURCE=2 -i
/usr/src/lib/libc/stdio/vfprintf.c
*** Error code 1

Stop.
nbmake: stopped in /usr/src/lib/libc


Regards,
-- 
NONAKA Kimihiro

Prev by Date: Re: CVS commit: othersrc/crypto/external/bsd/ssss/dist/src/libssss
Next by Date: Re: CVS commit: src
Previous by Thread: testing new postinstall check/fix pwd_mkdb
Next by Thread: Re: CVS commit: src
Indexes:

Home | Main Index | Thread Index | Old Index