[lxc-devel] [lxc/lxc] f6c796: log: sanity check the returned value from snprintf...

GitHub noreply at github.com
Wed Oct 12 09:49:59 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: f6c796102abe950821377a11f7ddd05199418365
      https://github.com/lxc/lxc/commit/f6c796102abe950821377a11f7ddd05199418365
  Author: Lans Zhang <jia.zhang at windriver.com>
  Date:   2016-10-11 (Tue, 11 Oct 2016)

  Changed paths:
    M src/lxc/log.c

  Log Message:
  -----------
  log: sanity check the returned value from snprintf()

The returned value from snprintf() should be checked carefully.

This bug can be leveraged to execute arbitrary code through carefully
constructing the payload, e.g.,

lxc-freeze -n `python -c "print 'AAAAAAAA' + 'B'*959"` -P PADPAD -o /tmp/log

This command running on Ubuntu 14.04 (x86-64) can cause a segment fault.

Signed-off-by: Lans Zhang <jia.zhang at windriver.com>


  Commit: aa74ed7b961aa0e6d0b8cec0f70c21c1faec82d9
      https://github.com/lxc/lxc/commit/aa74ed7b961aa0e6d0b8cec0f70c21c1faec82d9
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-10-12 (Wed, 12 Oct 2016)

  Changed paths:
    M src/lxc/log.c

  Log Message:
  -----------
  Merge pull request #1225 from jiazhang0/master

log: sanity check the returned value from snprintf()


Compare: https://github.com/lxc/lxc/compare/b8fc6b3671fb...aa74ed7b961a
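
The log message above turns on how snprintf() reports truncation: it returns the length the output would have needed, not the number of bytes stored. The following is an added example, not code from src/lxc/log.c or from the commit; the function names, the "[name] msg" layout and the 64-byte buffer are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 64 /* constructed size, small so truncation is easy to see */

/* Length snprintf() reports for the prefix: what the output WOULD need,
 * regardless of how much room the destination really has. */
int reported_prefix_len(const char *name)
{
    return snprintf(NULL, 0, "[%s] ", name);
}

/* Build "[name] msg" in buf. Returns bytes stored (excluding the NUL),
 * always < size, or -1 on error. */
int format_line(char *buf, size_t size, const char *name, const char *msg)
{
    int n, m;

    if (size == 0)
        return -1;
    n = snprintf(buf, size, "[%s] ", name);
    if (n < 0)
        return -1;
    /* Truncated: n is the would-be length, not the bytes written. Used
     * unclamped, buf + n and size - n would both be out of range. */
    if ((size_t)n >= size)
        n = (int)(size - 1);
    m = snprintf(buf + n, size - (size_t)n, "%s", msg);
    if (m < 0)
        return -1;
    if ((size_t)m >= size - (size_t)n)
        m = (int)(size - (size_t)n - 1);
    return n + m;
}

int main(void)
{
    char buf[LOG_BUF_SIZE], name[101];

    memset(name, 'A', sizeof(name) - 1); /* constructed over-long name */
    name[sizeof(name) - 1] = '\0';
    printf("reported=%d stored=%d\n", reported_prefix_len(name),
           format_line(buf, sizeof(buf), name, "frozen"));
    return 0;
}
```

With the constructed 100-character name the reported length exceeds the buffer size, which is the case the clamp exists for.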

