]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b8fc6b3) | patch
log: sanity check the returned value from snprintf() 1225/head
authorLans Zhang <jia.zhang@windriver.com>
Mon, 10 Oct 2016 13:49:55 +0000 (21:49 +0800)
committerLans Zhang <jia.zhang@windriver.com>
Tue, 11 Oct 2016 01:28:08 +0000 (09:28 +0800)
commitf6c796102abe950821377a11f7ddd05199418365
treeb1079c443759732b6d13d2ff6a54b42c37a29913tree | snapshot
parentb8fc6b3671fb6bd3bce911b7e447d282ed2189b1commit | diff
log: sanity check the returned value from snprintf()

The returned value from snprintf() should be checked carefully.

This bug can be leveraged to execute arbitrary code through carefully
constructing the payload, e.g,

lxc-freeze -n `python -c "print 'AAAAAAAA' + 'B'*959"` -P PADPAD -o /tmp/log

This command running on Ubuntu 14.04 (x86-64) can cause a segment fault.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
src/lxc/log.c diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git