oss-sec mailing list archives

Re: Nagios format string issues

From: Oden Eriksson <oeriksson () mandriva com>
Date: Tue, 12 Oct 2010 17:11:44 +0200

torsdag 07 oktober 2010 10:55:49 skrev  Tomas Hoger:

On Wed, 6 Oct 2010 21:56:09 +0200 Oden Eriksson wrote:

I just extracted the patches I made at the time. I cannot tell which
of them deserves CVE assignments though. I have put them here:

http://n1.nux.se/work/format_not_a_string_literal_and_no_format_arguments
/


Did you use any specific way to identify all these?  From a quick look
at a few randomly chosen patches, there seem to be cases where one call
was fixed, other left unchanged.  That's only for the code visible in
the context diff.


This was discovered when we started using -Wformat -Werror=format-security

There are few incorrect fixes too:

-  g_snprintf (gev.data.b, sizeof (gev.data.b), message);
+  g_snprintf (gev.data.b, sizeof (gev.data.b), message, "%s");


Whoops!

-- 
Regards // Oden Eriksson
Security team manager - Mandriva
CEO NUX AB

Current thread:

Nagios format string issues Florian Weimer (Oct 05)
- Re: Nagios format string issues Oden Eriksson (Oct 06)
- <Possible follow-ups>
- Re: Nagios format string issues Josh Bressers (Oct 06)
  - Re: Nagios format string issues Steven M. Christey (Oct 06)
  - Re: Nagios format string issues Oden Eriksson (Oct 06)
    - Re: Nagios format string issues Tomas Hoger (Oct 07)
    - Re: Nagios format string issues Oden Eriksson (Oct 12)