Re: getgrouplist segfault?

From: Roland Illig <roland illig gmx de>
To: Pavel Tsekov <ptsekov gmx net>
Cc: mc-devel gnome org
Subject: Re: getgrouplist segfault?
Date: Wed, 06 Jul 2005 20:15:20 +0200

Pavel Tsekov wrote:

BUGS
       The glibc 2.3.2 implementation of this function is broken: it
       overwrites memory when the actual number of groups  is  larger
       than *ngroups.

As this is clearly a buffer overflow, we should not use the function atall and document this somewhere. Maybe like that:


#if 0
/* the glibc implementation of getgrouplist(3) has a
 * buffer overflow vulnerability, so we cannot use this function */
...
#endif

Roland

Follow-Ups:
- Re: getgrouplist segfault?
  - From: Leonard den Ottolander

References:
- getgrouplist segfault?
  - From: Anton Monroe
- Re: getgrouplist segfault?
  - From: Anton Monroe
- Re: getgrouplist segfault?
  - From: Pavel Tsekov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]