On Friday 2017-10-13 01:41, Pablo Neira Ayuso wrote:
>
> libnftnl 1.0.8

Here's a buffer overflow reported by gcc:

expr/data_reg.c: In function 'nftnl_data_reg_json_parse':
expr/data_reg.c:69:27: warning: '%d' directive writing between 1 and 10 bytes into a region of size 2 [-Wformat-overflow=]
   sprintf(node_name, "data%d", i);
                           ^~
expr/data_reg.c:69:22: note: directive argument in the range [0, 2147483647]
   sprintf(node_name, "data%d", i);
                      ^~~~~~~~
In file included from /usr/include/stdio.h:862:0,
                 from expr/data_reg.c:12:
/usr/include/bits/stdio2.h:33:10: note: '__builtin___sprintf_chk' output between 6 and 15 bytes into a destination of size 6
   return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                                   __bos (__s), __fmt, __va_arg_pack ());
                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AFAICS it's triggerable when reg->len > 396.
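The following is an added illustration, not libnftnl code and not part of the message above. It isolates the pattern gcc is warning about: a fixed 6-byte name buffer ("data" plus one digit plus the terminating NUL) filled with sprintf("data%d", i), which overflows as soon as the index needs two digits. It shows the bounded replacement (snprintf with a checked return value) and a helper that computes how many bytes a given index actually needs, which reproduces gcc's "between 6 and 15 bytes" bound. The buffer sizes, the function names format_node_name, node_name_bytes and node_name_fits, and the constants SMALL_NODE_NAME and FULL_NODE_NAME are assumptions for illustration only.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>

/* Added example, not libnftnl code. All names below are illustrative. */

/* The destination size from the gcc note: "data" + one digit + NUL. */
#define SMALL_NODE_NAME 6

/* Enough for "data" + the 10 digits of INT_MAX + NUL = 15 bytes, the
 * upper bound gcc printed for the sprintf() output. */
#define FULL_NODE_NAME (sizeof("data") - 1 + 10 + 1)

/* Bytes needed to hold "data<i>" including the NUL terminator.
 * snprintf() with a NULL buffer and size 0 only measures the output. */
size_t node_name_bytes(int i)
{
    int n = snprintf(NULL, 0, "data%d", i);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded replacement for sprintf(node_name, "data%d", i).
 * Returns 0 on success, -1 if the name does not fit in bufsz bytes.
 * snprintf() never writes past bufsz, so a too-small buffer produces a
 * NUL-terminated truncated string plus an error, not an out-of-bounds
 * write. Negative indices are rejected rather than formatted. */
int format_node_name(char *buf, size_t bufsz, int i)
{
    if (buf == NULL || bufsz == 0 || i < 0)
        return -1;
    int n = snprintf(buf, bufsz, "data%d", i);
    if (n < 0 || (size_t)n >= bufsz)
        return -1;            /* would have been truncated */
    return 0;
}

/* Does index i fit in a buffer of bufsz bytes? Uses a local buffer sized
 * for the worst case and formats into only the first bufsz bytes of it. */
int node_name_fits(size_t bufsz, int i)
{
    char buf[FULL_NODE_NAME];
    if (bufsz > sizeof buf)
        bufsz = sizeof buf;
    return format_node_name(buf, bufsz, i) == 0;
}

int main(void)
{
    /* Walk the first few indices and show where the 6-byte buffer stops
     * being large enough: "data9" fits, "data10" does not. */
    for (int i = 0; i < 12; i++) {
        printf("i=%-2d needs %2zu bytes, fits in %d: %s\n",
               i, node_name_bytes(i), SMALL_NODE_NAME,
               node_name_fits(SMALL_NODE_NAME, i) ? "yes" : "no");
    }
    printf("INT_MAX needs %zu bytes\n", node_name_bytes(INT_MAX));
    return 0;
}
```

The check on snprintf()'s return value matters as much as the bound itself: a caller that silently accepts the truncated "data1" for index 10 would parse the wrong JSON node, so the helper reports the failure instead of returning a misleading name.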