Re: SECURITY: bug in Berkeley DB on some systems (eg. Solaris <= 2.5) [#375]



Support request #375.

The problem is that:
Solaris up to 2.5 didn't have snprintf, so every Berkeley DB compiled on
these systems will include the fake snprintf.

If you write a program that uses snprintf, and you have a _clean_
implementation of snprintf somewhere (let's say in libgnomesupport.a)
which you rely on, but on the link line you have
gcc prog.o -ldb -lgnomesupport ...
then your program will use the implementation provided in libdb because
it comes first !!!!

Even if you're using a libdb.a which was compiled on Solaris 2.5 (which
includes the buggy snprintf) and you are on Solaris 2.6 (2.6 implements
snprintf in libc), then since libdb will always be before libc, your
program will always use the libdb snprintf! (this was my case when I
found the bug, and you must admit it's very disappointing)

I propose that you modify db to either:
a- make the fake snprintf and derivatives static wherever they're used
b- not use snprintf if it's not in the system libraries
c- provide a _clean_ implementation of snprintf (there are quite a lot
around here, in various implementations of libc, and in glib -- which
comes with gtk)

I personally prefer a- or c-.

This bug should be considered serious. Not just because I spent a few
hours trying to find why a libc function gives the wrong result, but
because good software usually RELIES on the security offered by
snprintf.

Frederic Devernay
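
[Added example, not part of the message above and not Berkeley DB's code.] The complaint is that a library-supplied snprintf silently replaced libc's and "gave the wrong result". A cheap way to catch that, whichever object the linker resolved the symbol to, is a self-test that hands snprintf a deliberately too-small buffer and checks the three guarantees callers rely on: nothing is written past the size argument, the output is NUL-terminated inside it, and the return value is the length the full string would have had (C99 semantics). The fake_snprintf below is a hypothetical stand-in for a bound-ignoring replacement, written only to show what the check detects; it is an assumption, not the implementation the message refers to.

```c
/* Runtime self-test for snprintf bound handling (added example).
 * Hypothetical fake_snprintf stands in for any replacement that drags
 * in ahead of libc and ignores its size argument; it is not real code
 * from any library and must never be used for anything but this test. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Hypothetical bound-ignoring snprintf: formats with vsprintf and
 * discards n entirely, the failure mode the message warns about. */
int fake_snprintf(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;
    (void)n;                      /* the bound is silently thrown away */
    va_start(ap, fmt);
    len = vsprintf(buf, fmt, ap);
    va_end(ap);
    return len;
}

/* Return 1 if fn behaves like C99 snprintf when the output does not fit:
 *   - return value is the length the full output would have had,
 *   - a NUL terminator lands within the first n bytes,
 *   - the first n-1 bytes are the correct prefix,
 *   - no byte at or beyond offset n is modified (canary fill).
 * Return 0 on the first violation.  Pre-C99 libcs that return -1 on
 * truncation fail the first check, which is also worth knowing. */
int snprintf_is_sane(snprintf_fn fn)
{
    enum { N = 8, SLACK = 64 };
    char buf[N + SLACK];
    const char *arg = "0123456789abcdef";     /* 16 chars, longer than N */
    size_t i;
    int ret;

    memset(buf, 'X', sizeof buf);             /* canary fill */
    ret = fn(buf, N, "%s", arg);

    if (ret != (int)strlen(arg))              /* C99: would-be length */
        return 0;
    if (memchr(buf, '\0', N) == NULL)         /* terminator inside n */
        return 0;
    if (strncmp(buf, arg, N - 1) != 0)        /* prefix intact */
        return 0;
    for (i = N; i < sizeof buf; i++)          /* nothing past n touched */
        if (buf[i] != 'X')
            return 0;
    return 1;
}

int main(void)
{
    printf("libc snprintf sane: %d\n", snprintf_is_sane(snprintf));
    printf("fake snprintf sane: %d\n", snprintf_is_sane(fake_snprintf));
    return 0;
}
```

Dropping snprintf_is_sane(snprintf) into a program's startup or its unit tests turns the silent wrong result into an immediate failure. To find out which object actually supplied the symbol, `nm -o libdb.a | grep snprintf` shows whether a static library defines it, and `nm prog | grep snprintf` shows a `T` (defined in the executable) rather than a `U` (resolved from the shared libc) when a library copy was linked in.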