[prev in list] [next in list] [prev in thread] [next in thread]
List: ncurses-bug
Subject: Re: Potential Format String Vulnerability
From: Thomas Dickey <dickey () his ! com>
Date: 2012-07-13 19:56:05
Message-ID: 20120713195605.GA4207 () debian50-32 ! invisible-island ! net
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Fri, Jul 13, 2012 at 03:59:52PM +0100, Armin Ronacher wrote:
> Hi,
>
> The terminfo files contain format strings in some places and you can get
> ncurses to segfault if you change them around. Before invoking tparm, there
> should be some check that the format string is of the correct format because
> you can definitely get apps to segfault this way.
You'll have to be more specific: without changing the scope of the library
(for instance, to catch SIGBUS), there's checks for non-null pointers
that barring a bug-report are performing the in-scope checks needed.
For what it's worth, someone can always do something like
tparm((char *)123);
and get a core dump
--
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net
["signature.asc" (application/pgp-signature)]
_______________________________________________
Bug-ncurses mailing list
Bug-ncurses@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-ncurses
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic