[BusyBox 0004184]: printf buffer overflow
bugs at busybox.net
bugs at busybox.net
Thu Jul 17 00:32:42 UTC 2008
The following issue has been SUBMITTED.
======================================================================
http://busybox.net/bugs/view.php?id=4184
======================================================================
Reported By: cristic
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 4184
Category: Other
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
======================================================================
Date Submitted: 07-16-2008 17:32 PDT
Last Modified: 07-16-2008 17:32 PDT
======================================================================
Summary: printf buffer overflow
Description:
Hi, "printf %" leads to a buffer overflow, and prints random values from
the stack:
This should be rejected as in Coreutils:
$ printf %
./printf: %: invalid conversion specification
The problem is that printf does not validate the format specifier. One
possible fix would be to add a check along these lines this after line 201
in
printf.c:
direc_start = f++;
+ if (*f == '\0')
+ fprintf(stderr, "invalid conversion
specification");
direc_length = 1;
field_width = precision = -1;
if (*f == '%') {
bb_putchar('%');
break;
}
Thanks,
Cristian
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
07-16-08 17:32 cristic New Issue
07-16-08 17:32 cristic Status new => assigned
07-16-08 17:32 cristic Assigned To => BusyBox
======================================================================
More information about the busybox-cvs
mailing list