diff options
Diffstat (limited to 'main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch')
-rw-r--r-- | main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch b/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch deleted file mode 100644 index 630151b406..0000000000 --- a/main/strongswan/0401-printf-hook-builtin-Fix-invalid-memory-access.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 944e99d57243fb42ccb2be475c8386a0c4c116f4 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@strongswan.org> -Date: Mon, 27 Jul 2015 11:18:53 +0200 -Subject: [PATCH] printf-hook-builtin: Fix invalid memory access - -When precision is given for a string, we must not run unbounded -strlen() as it will read beyond the given length. It might even cause -a crash if the given pointer is near end of heap or mapping. - -Fixes numerous valgrind errors such as: - -==19215== Invalid read of size 1 -==19215== at 0x52D36C6: builtin_vsnprintf (printf_hook_builtin.c:853) -==19215== by 0x52D40A8: builtin_snprintf (printf_hook_builtin.c:1084) -==19215== by 0x52CE464: dntoa (identification.c:337) -==19215== by 0x52CE464: identification_printf_hook (identification.c:837) -==19215== by 0x52D3DAA: builtin_vsnprintf (printf_hook_builtin.c:1010) -==19215== by 0x57040EB: vlog (bus.c:388) -==19215== by 0x570427D: log_ (bus.c:430) -==19215== by 0xA8445D3: load_x509_ca (stroke_cred.c:416) -==19215== by 0xA8445D3: load_certdir (stroke_cred.c:537) -==19215== by 0xA846A95: load_certs (stroke_cred.c:1353) -==19215== by 0xA846A95: stroke_cred_create (stroke_cred.c:1475) -==19215== by 0xA84073E: stroke_socket_create (stroke_socket.c:782) -==19215== by 0xA83F27C: register_stroke (stroke_plugin.c:53) -==19215== by 0x52C3125: load_feature (plugin_loader.c:716) -==19215== by 0x52C3125: load_provided (plugin_loader.c:778) -==19215== by 0x52C3A20: load_features (plugin_loader.c:799) -==19215== by 0x52C3A20: load_plugins (plugin_loader.c:1159) -==19215== Address 0x50cdb42 is 0 bytes after a block of size 2 alloc'd -==19215== at 0x4C919FE: malloc (vg_replace_malloc.c:296) -==19215== by 0x52CD198: chunk_printable (chunk.c:759) -==19215== by 0x52CE442: dntoa (identification.c:334) -==19215== by 0x52CE442: identification_printf_hook (identification.c:837) -==19215== by 0x52D3DAA: builtin_vsnprintf (printf_hook_builtin.c:1010) -==19215== by 0x57040EB: vlog (bus.c:388) -==19215== by 0x570427D: log_ (bus.c:430) -==19215== by 0xA8445D3: load_x509_ca (stroke_cred.c:416) -==19215== by 0xA8445D3: load_certdir (stroke_cred.c:537) -==19215== by 0xA846A95: load_certs (stroke_cred.c:1353) -==19215== by 0xA846A95: stroke_cred_create (stroke_cred.c:1475) -==19215== by 0xA84073E: stroke_socket_create (stroke_socket.c:782) -==19215== by 0xA83F27C: register_stroke (stroke_plugin.c:53) -==19215== by 0x52C3125: load_feature (plugin_loader.c:716) -==19215== by 0x52C3125: load_provided (plugin_loader.c:778) -==19215== by 0x52C3A20: load_features (plugin_loader.c:799) -==19215== by 0x52C3A20: load_plugins (plugin_loader.c:1159) ---- - src/libstrongswan/utils/printf_hook/printf_hook_builtin.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c -index 466c673..af54940 100644 ---- a/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c -+++ b/src/libstrongswan/utils/printf_hook/printf_hook_builtin.c -@@ -843,7 +843,8 @@ int builtin_vsnprintf(char *buffer, size_t n, const char *format, va_list ap) - /* String */ - sarg = va_arg(ap, const char *); - sarg = sarg ? sarg : "(null)"; -- slen = strlen(sarg); -+ slen = prec != -1 ? strnlen(sarg, prec) -+ : strlen(sarg); - goto is_string; - } - case 'm': --- -2.4.6 - |