[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

so-called snprintf() in db-1.85.4

From: Thomas Roessler <roessler guug de>
To: linux-security redhat com
Cc: "The mutt developpers' list" <mutt-dev cs hmc edu>, gertjan cs vu nl
Subject: so-called snprintf() in db-1.85.4
Date: Tue, 8 Jul 1997 21:33:55 +0200

Hi,

There is a severe problem with the db-1.85.4 library's Linux
port that can be found on sunsite.unc.edu under
/pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library
contains a "snprintf" function which breaks down to a common
sprintf, ignoring the size parameter.  Obviously, this was
thought to be a terribly bad work-around for C libraries which
don't contain an snprintf routine of their own.  The
consequences of this bug are obvious: Any program which is
linked with libdb.so.1.85.4 and relies on snprintf(3) to do
it's bounds checking doesn't have any bounds checking at all.

Note that recent linux C libraries contain an snprintf(3)
function of their own which does it's job properly.  Thus, the
fix is to simply remove snprintf.o from libdb.

tlr
-- 
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
   1280/593238E1 · AE 24 38 88 1B 45 E4 C6  03 F5 15 6E 9C CA FD DB

Follow-Ups:
- Re: [linux-security] so-called snprintf() in db-1.85.4
  - From: Hal DeVore
- Re: [linux-security] so-called snprintf() in db-1.85.4
  - From: Glynn Clements

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]