On 21/07/2021 at 16:51, Bernard Rosset via Dng wrote:
>> https://www.zdnet.com/article/nasty-linux-systemd-security-bug-revealed/
>
> I'll be projecting myself here, but I reckon sharing the original
> source rather than journalistic articles whenever possible is best
> towards a tech-savvy audience.
>
> The source (included in the above article) is here:
> https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
The code shows the use of strdupa(). There is a family of functions which are extensions of POSIX functions, with the suffix 'a', which allocate space for the returned string on the stack. They are very convenient for lazy programmers, but (slightly?) dangerous and do not belong to POSIX.

I've found a discussion between a developer and Lennart Poettering in which LP recommends the addition of this kind of function to musl libc (which will certainly never happen). It's slightly amusing how the author of such critical software as systemd lacks a culture of security.

https://github.com/systemd/casync/issues/129

--
Didier

_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
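To make the strdupa() hazard discussed above concrete, here is an added example (not code from the thread, from systemd, or from the Qualys advisory). It uses a simplified, hypothetical path-escaping routine that only strips leading/trailing '/' and turns the remaining '/' into '-'; systemd's real escaping rules are not reproduced. The point it shows is the shape of the bug: strdupa(path) reserves strlen(path)+1 bytes of stack, a size picked by whoever supplied the string, with no check against the stack limit. Two fixes are shown side by side: bounding the length before any stack copy (STACK_COPY_MAX is an assumed, arbitrary limit), and moving the scratch copy to the heap with strdup(). The strdupa fallback macro is only for a libc that lacks it (musl, for instance) and is an assumption about that environment, not glibc's definition.

```c
#define _GNU_SOURCE          /* glibc exposes strdupa() in <string.h> under this */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef strdupa
/* Assumption: a libc without strdupa() (e.g. musl); emulate the glibc macro
 * with alloca() so the example still builds.  Same hazard as the real thing. */
#include <alloca.h>
#define strdupa(s) __extension__({ const char *s_ = (s); size_t n_ = strlen(s_) + 1; \
                                   char *d_ = alloca(n_); (char *)memcpy(d_, s_, n_); })
#endif

/* Assumed bound on what we are willing to put on the stack for one copy.
 * Hypothetical value, not anything systemd uses. */
#define STACK_COPY_MAX 4096

/* Simplified stand-in for a unit-name style path escape, done in place:
 * drop leading and trailing '/', rewrite the remaining '/' as '-'.
 * Returns the new length. */
static size_t escape_in_place(char *s) {
    size_t n = strlen(s);
    while (n > 0 && s[n - 1] == '/') s[--n] = '\0';
    size_t lead = 0;
    while (lead < n && s[lead] == '/') lead++;
    if (lead) { memmove(s, s + lead, n - lead + 1); n -= lead; }
    for (size_t i = 0; i < n; i++) if (s[i] == '/') s[i] = '-';
    return n;
}

/* The vulnerable pattern: the scratch copy lives on the stack and its size is
 * strlen(path)+1, chosen by the caller of this function (or by whoever
 * controls the path).  A multi-megabyte path exhausts the stack here.
 * Never called with long input in this example; it is here for comparison. */
static int escape_path_stack_unchecked(const char *path, char *out, size_t out_len) {
    char *copy = strdupa(path);              /* alloca(strlen(path) + 1) */
    size_t n = escape_in_place(copy);
    if (n >= out_len) { errno = ENAMETOOLONG; return -1; }
    memcpy(out, copy, n + 1);
    return (int)n;
}

/* Fix 1: refuse anything that would put more than STACK_COPY_MAX bytes on the
 * stack before strdupa() runs.  Cheap, but every strdupa() call site needs it. */
static int escape_path_stack(const char *path, char *out, size_t out_len) {
    if (strlen(path) >= STACK_COPY_MAX) { errno = ENAMETOOLONG; return -1; }
    return escape_path_stack_unchecked(path, out, out_len);
}

/* Fix 2: take the scratch copy from the heap.  A huge path now costs a
 * malloc() that can fail cleanly instead of a stack overflow that kills
 * the process.  Caller frees the result. */
static char *escape_path_heap(const char *path) {
    char *copy = strdup(path);
    if (!copy) return NULL;
    escape_in_place(copy);
    return copy;
}

/* Constructed input: a path of `segments` repetitions of "/aaaa".  Returns 1
 * when the bounded stack routine refuses it with ENAMETOOLONG and the heap
 * routine escapes it to the expected length, 0 otherwise. */
static int long_path_demo(size_t segments) {
    size_t len = segments * 5;
    char *path = malloc(len + 1);
    if (!path) return 0;
    for (size_t i = 0; i < segments; i++) memcpy(path + 5 * i, "/aaaa", 5);
    path[len] = '\0';

    char small[16];
    errno = 0;
    int rc = escape_path_stack(path, small, sizeof small);
    int refused = (rc == -1 && errno == ENAMETOOLONG);

    char *esc = escape_path_heap(path);
    int heap_ok = esc && strlen(esc) == len - 1 && esc[0] == 'a' && esc[4] == '-';

    free(esc);
    free(path);
    return refused && heap_ok;
}

int main(void) {
    char buf[64];
    int n = escape_path_stack("/var/lib/foo/", buf, sizeof buf);
    printf("stack (bounded): %d \"%s\"\n", n, n < 0 ? "" : buf);
    char *h = escape_path_heap("/var/lib/foo/");
    printf("heap:            \"%s\"\n", h ? h : "(alloc failed)");
    free(h);
    /* 1<<18 segments is a 1.25 MiB path: far past STACK_COPY_MAX */
    printf("long path handled safely: %s\n", long_path_demo(1u << 18) ? "yes" : "no");
    return 0;
}
```

The length check in escape_path_stack() is the minimal patch, but it has to be repeated at every strdupa() call site that sees untrusted lengths, and a missed one is exactly this class of bug again; that is why the heap variant is the more defensible default for anything that runs as PID 1.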