oss-sec mailing list archives

Re: Re: Problems in automatic crash analysis frameworks


From: Michael Samuel <mik () miknet net>
Date: Wed, 15 Apr 2015 10:29:16 +1000

On 15 April 2015 at 07:08, Tavis Ormandy <taviso () google com> wrote:

import socket
socket.socket(socket.AF_UNIX, socket.SOCK_STREAM).bind('test\ntest')
sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
sock.bind('/tmp/foo\nbar')
sock.listen(1)

$ grep -A1 foo /proc/net/unix
0000000000000000: 00000002 00000000 00010000 0001 01 4772228 /tmp/foo
bar

This is a Linux kernel flaw/bug right?  It's a machine-readable
newline-delimited /proc file, so it needs to escape newlines if
they're valid data.

Regards,
  Michael
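
An added example, not part of the original message or of any project's code: a line-based reader for /proc/net/unix that folds any line not matching the record layout back into the preceding socket path and flags that record. The function name is hypothetical, and the header row and second record in SAMPLE are constructed; the first record is the output quoted above.

```python
import re

# Record layout as seen in the quoted output:
#   Num: RefCount Protocol Flags Type St Inode [Path]
RECORD = re.compile(
    r'^[0-9A-Fa-f]+: [0-9A-Fa-f]{8} [0-9A-Fa-f]{8} [0-9A-Fa-f]{8} '
    r'[0-9A-Fa-f]{4} [0-9A-Fa-f]{2} +(?P<inode>\d+)(?: (?P<path>.*))?$'
)

# Constructed sample: header row and second record are made up for the demo.
SAMPLE = (
    "Num       RefCount Protocol Flags    Type St Inode Path\n"
    "0000000000000000: 00000002 00000000 00010000 0001 01 4772228 /tmp/foo\n"
    "bar\n"
    "0000000000000000: 00000002 00000000 00010000 0001 01 12345 /run/example.sock\n"
)

def parse_proc_net_unix(text):
    """Parse /proc/net/unix text into dicts with inode, path, multiline.

    A line that does not match RECORD is treated as the tail of the previous
    record's path (an unescaped newline) and that record gets multiline=True
    so callers can distrust it. Limitation: a continuation line that itself
    matches RECORD cannot be told apart from a real record and is parsed as one.
    """
    entries = []
    # split('\n') only: splitlines() would also break on \r, \x0b, etc.,
    # which are equally valid bytes in a socket path.
    lines = text.split('\n')
    if lines and lines[-1] == '':
        lines.pop()  # trailing newline at end of file
    for i, line in enumerate(lines):
        if i == 0 and line.startswith('Num'):
            continue  # column header
        m = RECORD.match(line)
        if m:
            entries.append({'inode': int(m.group('inode')),
                            'path': m.group('path') or '',
                            'multiline': False})
        elif entries:
            entries[-1]['path'] += '\n' + line
            entries[-1]['multiline'] = True
    return entries

if __name__ == '__main__':
    for e in parse_proc_net_unix(SAMPLE):
        print(e['inode'], repr(e['path']), 'SUSPECT' if e['multiline'] else 'ok')
```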

