bug-inetutils
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: fixing the ftp crashes found via fuzzer


From: Erik Auerswald
Subject: Re: fixing the ftp crashes found via fuzzer
Date: Sat, 1 Oct 2022 18:39:46 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0

Hi,

On 21.09.22 09:15, Simon Josefsson wrote:
Erik Auerswald <auerswal@unix-ag.uni-kl.de> writes:

I'll try to commit and push regression tests and fixes for the first,
third, and fourth problem during the weekend.

Thank you.

What do you all think regarding recursive macros (the second problem)?

Having an arbitrary sized recusion limit of, say, depth 100, while not
ideal (not sure what would be?), may be acceptable.  Alternative, simply
document that the code is vulnerable to infinite recursion.

I think I'll look into adding an arbitrary recursion limit
(with a compile time constant) to avoid the crash on running
out of stack memory.

My first idea is to add a static counter to domacro().  If
it is over the recursion limit when entering the function,
then leave it with an error message.  Otherwise increment
it.  Decrement it before leaving the function.

I'll have to check how many exits the function has.

Br,
Erik



reply via email to

[Prev in Thread] Current Thread [Next in Thread]