Re: getgrouplist segfault?

From: Leonard den Ottolander <leonard den ottolander nl>
To: MC Devel <mc-devel gnome org>
Subject: Re: getgrouplist segfault?
Date: Wed, 06 Jul 2005 20:39:34 +0200

Hello Roland,

On Wed, 2005-07-06 at 20:15, Roland Illig wrote:
> Pavel Tsekov wrote:
> > BUGS
> >        The glibc 2.3.2 implementation of this function is broken: it
> >        overwrites memory when the actual number of groups  is  larger
> >        than *ngroups.
> 
> As this is clearly a buffer overflow, we should not use the function at 
> all and document this somewhere. Maybe like that:
> 
> #if 0
> /* the glibc implementation of getgrouplist(3) has a
>   * buffer overflow vulnerability, so we cannot use this function */
> ...
> #endif

What a curious suggestion. If we wouldn't use functions that might have
been poorly implemented in any version of any library mc uses there
wouldn't be many functions left to use after a while. If this is indeed
a glibc issue the user should patch his glibc.

Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research

Follow-Ups:
- Re: getgrouplist segfault?
  - From: Pavel Tsekov

References:
- getgrouplist segfault?
  - From: Anton Monroe
- Re: getgrouplist segfault?
  - From: Anton Monroe
- Re: getgrouplist segfault?
  - From: Pavel Tsekov
- Re: getgrouplist segfault?
  - From: Roland Illig

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]