author Arjun Shankar <arjun@redhat.com> 2024-01-15 17:44:44 +0100
committer Arjun Shankar <arjun@redhat.com> 2024-01-30 15:53:37 +0100
commit 7e5a0c286da33159d47d0122007aac016f3e02cd
tree 5645de1902e9a5f08f889cdfc71adc421972ce2f /stdlib/stdc_first_trailing_zero_ui.c
parent syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
__vsyslog_internal used the return value of snprintf/vsnprintf to calculate buffer sizes for memory allocation. If these functions (for any reason) failed and returned -1, the resulting buffer would be too small to hold output. This commit fixes that. All snprintf/vsnprintf calls are checked for negative return values and the function silently returns upon encountering them.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Diffstat (limited to 'stdlib/stdc_first_trailing_zero_ui.c')
0 files changed, 0 insertions, 0 deletions
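The failure mode the commit message describes, as an added example that is not glibc's code: a two-pass measure-then-allocate formatter that refuses to size a buffer from a negative return value. The names `vfmt_fn`, `unchecked_size`, `failing_vfmt` and `format_checked` are hypothetical, and `failing_vfmt` is a constructed stand-in for a vsnprintf call that fails.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not glibc code; all names here are hypothetical. */
typedef int (*vfmt_fn)(char *, size_t, const char *, va_list);

/* Unchecked pattern: a failed measuring pass (-1) becomes a 0-byte request. */
size_t unchecked_size(int ret) { return (size_t)(ret + 1); }

/* Constructed stand-in for a vsnprintf call that fails. */
int failing_vfmt(char *b, size_t n, const char *f, va_list ap)
{
    (void)b; (void)n; (void)f; (void)ap;
    return -1;
}

/* Checked pattern: measure, allocate, format; a negative return from
   either pass makes the helper give up and return NULL. */
char *format_checked(vfmt_fn vfmt, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vfmt(NULL, 0, fmt, ap);      /* measuring pass */
    va_end(ap);
    if (need < 0)
        return NULL;
    size_t size = (size_t)need + 1;         /* room for the NUL */
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;
    va_start(ap, fmt);
    int wrote = vfmt(buf, size, fmt, ap);   /* formatting pass */
    va_end(ap);
    if (wrote < 0 || (size_t)wrote >= size) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    char *s = format_checked(vsnprintf, "%s[%d]: %s", "ident", 42, "msg");
    printf("%s (%zu bytes)\n", s ? s : "(formatting failed)", s ? strlen(s) : 0);
    free(s);
    return format_checked(failing_vfmt, "%s", "x") == NULL ? 0 : 1;
}
```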