search for: parse_printf_format

Displaying 1 result from an estimated 1 matches for "parse_printf_format".

2015 Jul 04
0
[Bug 11383] New: rsync_panic_handler may execute incomplete command
...ignal handling. I believe there may be some issues as well in that the result of get_panic_action is not validated for its usage, and I believe the printf family of functions can do non-failing information disclosure sorts of behaviors if there are more format parameters than passed in. There is a parse_printf_format function in glibc at least that could be used to validate the format matches the inputs given to it instead of possibly leaking stack values occurring after the arguments to snprintf. -- You are receiving this mail because: You are the QA Contact for the bug.