Re: Potential Format String Vulnerability

bug-ncurses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential Format String Vulnerability

From:	Thomas Dickey
Subject:	Re: Potential Format String Vulnerability
Date:	Fri, 13 Jul 2012 15:56:05 -0400
User-agent:	Mutt/1.5.18 (2008-05-17)

On Fri, Jul 13, 2012 at 03:59:52PM +0100, Armin Ronacher wrote:
> Hi,
> 
> The terminfo files contain format strings in some places and you can get
> ncurses to segfault if you change them around.  Before invoking tparm, there
> should be some check that the format string is of the correct format because
> you can definitely get apps to segfault this way.

You'll have to be more specific: without changing the scope of the library
(for instance, to catch SIGBUS), there's checks for non-null pointers
that barring a bug-report are performing the in-scope checks needed.

For what it's worth, someone can always do something like

       tparm((char *)123);

and get a core dump

-- 
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net

signature.asc
Description: Digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

Potential Format String Vulnerability, Armin Ronacher, 2012/07/13
- Re: Potential Format String Vulnerability, Thomas Dickey <=

Prev by Date: Potential Format String Vulnerability
Next by Date: ncurses-5.9-20120714.patch.gz
Previous by thread: Potential Format String Vulnerability
Next by thread: ncurses-5.9-20120714.patch.gz
Index(es):
- Date
- Thread