Re: getgrouplist segfault?

Pavel Tsekov wrote:
       The glibc 2.3.2 implementation of this function is broken: it
       overwrites memory when the actual number of groups  is  larger
       than *ngroups.

As this is clearly a buffer overflow, we should not use the function at all and document this somewhere. Maybe like that:

#if 0
/* the glibc implementation of getgrouplist(3) has a
 * buffer overflow vulnerability, so we cannot use this function */


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]