]> git.ipfire.org Git - thirdparty/bird.git/commit
projects / thirdparty / bird.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a47704a) | patch
Printf: impossible buffer overflow fix
authorMaria Matejka <mq@ucw.cz>
Thu, 14 Nov 2024 22:34:28 +0000 (23:34 +0100)
committerOndrej Zajicek <santiago@crfreenet.org>
Mon, 2 Dec 2024 03:27:30 +0000 (04:27 +0100)
commit7ee27418a7d38542577c48abc43df57c0d3e69a5
tree3bc529b5fb11faea05a64990c08fc882afbe4e88tree
parenta47704a53db4f088e52e43f8b24785e5777ce147commit | diff
Printf: impossible buffer overflow fix

When printing near the end of the buffer, there was an overflow in two cases:

(1) %c and size is zero
(2) %1N, %1I, %1I4, %1I6 (auto-fill field_width for Net or IP), size is
    more than actual length of the net/ip but less than the auto-filled
    field width.

Manual code examination showed that nothing could have ever triggered
this behavior. All older versions of BIRD, including BIRD 3 development
versions, are totally safe. This exact overflow has been found while
implementing a new feature in later commits.
lib/printf.c diff | blob | blame | history
Mirror of https://gitlab.labs.nic.cz/labs/bird.git