Hi,

2012/2/18 Christos Zoulas <chris...@netbsd.org>:
> Module Name: src
> Committed By: christos
> Date: Fri Feb 17 19:57:53 UTC 2012
>
> Modified Files:
> src/lib/libc/stdio: vfwprintf.c
>
> Log Message:
> Fix: CVE-2012-0864 fprintf() positional argument abuse.
> Described in: http://www.phrack.org/issues.html?issue=67&id=9#article
> Reported by Stefan Cornelius / Red Hat Security Response Team
>
> - convert internal positional arguments bookkeeping from int to size_t
> - provide overflow protection in positional argument spec
> - convert loops to memset
> - fix memory leaks
> - limit positional argument stack offset to the number of arguments required
>   by the printf to avoid coredump from va_arg() exhaustion.

# compile libc/vfprintf.ln
CC=/usr/local/netbsd-tools/i386/bin/i686--netbsdelf-gcc /usr/local/netbsd-tools/i386/bin/i686--netbsdelf-lint -chapbxzFS -w -X 272 -d /home/snapshot/20120217/root/i386/usr/include -D_LIBC -DLIBC_SCCS -DSYSLIBC_SCCS -D_REENTRANT -DHESIOD -DINET6 -DNLS -DYP -I/usr/src/lib/libc/include -I/usr/src/lib/libc -I/usr/src/sys -I/usr/src/lib/libc/compat/../locale -I/usr/src/lib/libc/compat/stdlib -I/usr/src/lib/libc/compat/../stdlib -I/usr/src/lib/libc/../../common/lib/libc/quad -I/usr/src/lib/libc/../../common/lib/libc/string -I/usr/src/lib/libc/../../common/lib/libc/arch/i386/string -D__DBINTERFACE_PRIVATE -I/usr/src/libexec/ld.elf_so -I/usr/src/lib/libc/dlfcn -I/usr/src/lib/libc/gdtoa -DNO_FENV_H -I/usr/src/lib/libc/arch/i386/gdtoa -DWITH_RUNE -I/usr/src/lib/libc -DPOSIX_MISTAKE -DCOMPAT__RES -DUSE_POLL -DPORTMAP -DWIDE_DOUBLE -DALL_STATE -DUSG_COMPAT -D_FORTIFY_SOURCE=2 -i /usr/src/lib/libc/stdio/vfprintf.c
/usr/src/lib/libc/stdio/vfwprintf.c(1934): warning: n unused in function __grow_type_table [192]

*** Failed target: vfprintf.ln
*** Failed command: CC=/usr/local/netbsd-tools/i386/bin/i686--netbsdelf-gcc /usr/local/netbsd-tools/i386/bin/i686--netbsdelf-lint -chapbxzFS -w -X 272 -d /home/snapshot/20120217/root/i386/usr/include -D_LIBC -DLIBC_SCCS -DSYSLIBC_SCCS -D_REENTRANT -DHESIOD -DINET6 -DNLS -DYP -I/usr/src/lib/libc/include -I/usr/src/lib/libc -I/usr/src/sys -I/usr/src/lib/libc/compat/../locale -I/usr/src/lib/libc/compat/stdlib -I/usr/src/lib/libc/compat/../stdlib -I/usr/src/lib/libc/../../common/lib/libc/quad -I/usr/src/lib/libc/../../common/lib/libc/string -I/usr/src/lib/libc/../../common/lib/libc/arch/i386/string -D__DBINTERFACE_PRIVATE -I/usr/src/libexec/ld.elf_so -I/usr/src/lib/libc/dlfcn -I/usr/src/lib/libc/gdtoa -DNO_FENV_H -I/usr/src/lib/libc/arch/i386/gdtoa -DWITH_RUNE -I/usr/src/lib/libc -DPOSIX_MISTAKE -DCOMPAT__RES -DUSE_POLL -DPORTMAP -DWIDE_DOUBLE -DALL_STATE -DUSG_COMPAT -D_FORTIFY_SOURCE=2 -i /usr/src/lib/libc/stdio/vfprintf.c
*** Error code 1

Stop.
nbmake: stopped in /usr/src/lib/libc

Regards,
--
NONAKA Kimihiro
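
The commit log quoted above lists "provide overflow protection in positional argument spec" and the move of positional bookkeeping from int to size_t. As an added illustration (not the NetBSD vfwprintf.c code and not part of this message), here is one way to parse a `%N$` index so the accumulation cannot wrap; `MAX_POSARG`, `parse_posarg` and `max_posarg` are hypothetical names chosen for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_POSARG 4096	/* assumed cap for this example, not a libc constant */

/* Parse "N$" at p (just past '%'): 1 = positional, 0 = none, -1 = rejected. */
static int parse_posarg(const char *p, size_t *out)
{
	size_t n = 0;
	int too_big = 0;
	for (; *p >= '0' && *p <= '9'; p++) {
		size_t d = (size_t)(*p - '0');
		/* Test before the multiply so n * 10 + d can never wrap. */
		if (too_big || n > (MAX_POSARG - d) / 10)
			too_big = 1;
		else
			n = n * 10 + d;
	}
	if (*p != '$')
		return 0;	/* no digits, or the digits were a field width */
	if (too_big || n == 0)
		return -1;	/* "%0$" or an index past the cap */
	*out = n;
	return 1;
}

/* Highest "%N$" index in fmt via *max; -1 if any index is rejected. */
static int max_posarg(const char *fmt, size_t *max)
{
	size_t n = 0;
	*max = 0;
	while ((fmt = strchr(fmt, '%')) != NULL) {
		if (*++fmt == '%') { fmt++; continue; }	/* literal "%%" */
		int r = parse_posarg(fmt, &n);
		if (r < 0)
			return -1;
		if (r > 0 && n > *max)
			*max = n;
	}
	return 0;
}

int main(void)
{
	size_t m;
	int r = max_posarg("%2$s %1$d", &m);	/* constructed sample format */
	printf("%d %zu\n", r, m);
}
```

The value returned through `max` is the number of argument slots the format actually requires, which is the bound the last item of the commit log refers to. The sketch does not handle `*N$` width or precision references.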