httpd-dev mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: and now back to snprintf (fwd)
Date Thu, 16 Jan 1997 03:00:27 GMT
On Wed, 15 Jan 1997, Jim Jagielski wrote:

> Marc Slemko wrote:
> > 
> > WRT your claim you can safely abort if there is an overflow: if you are
> > able to exploit it, it is possible that the exploit would go into play
> > when sprintf() does its return() depending on how they do it (i.e. if they
> > do something like overwriting the eip/pc/whatever your platform calls it). 
> > If that happens, you will never GET to your abort. 
> > 
> 
> The point is that if we provide a simple wrapper, should it be brain-
> dead and just cross our fingers and say "too bad" or should we
> attempt to at least provide a wrapper that may, in some way, provide
> some clues or some (admittedly minor) protection.

Hang on a sec here.  Let's understand what who is saying before we go any
further.

What are you suggesting your wrapper around sprintf() for?  I was under
the impression that you were suggesting avoiding portability problems with
our snprintf() implementation by simply using a wrapper around sprintf()
instead, but looking at what you are saying now perhaps that is a
mistaken impression?

> I vote that we either do NOT provide a last-ditch wrapper or, if
> we do, it not be the simple snprintf->sprintf one. The former
> is the best solution for the group; the latter opens us up to
> nasty CERT advisories. If we decide to take that risk, we should do
> all we can to minimize it, be that error logging or immediate
> aborting or whatever. 

Ok, so let's only include support for using our snprintf or the
vendor one but put a comment in the code that, if neither will work
on your platform you can, at your risk, make one that is a wrapper
around sprintf() but it is a huge security hole and you would be
better off working with us to get ap_snprintf to work on your
platform.  Or we just say talk to us and we will try to make
ap_snprintf compile.

Has anyone checked to be sure the latest changes (1.1.[2,3] stuff,
etc.) and the ap_snprintf stuff works on OS/2?  Does it have
snprintf()?
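
The point argued in this thread, as an added example that is not part of the original message and is not Apache code: a wrapper that calls sprintf() and checks the length afterwards reports the overrun only after the bytes are already written, while a bounded formatter never writes past the limit. `naive_snprintf`, `bounded_snprintf`, the guard value and the 64-byte arena are hypothetical; the "buffer" is the first 8 bytes of the arena, so the overrun stays inside memory the program owns.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#define GUARD 0x5A  /* fill value used to see which bytes were touched */

/* Hypothetical last-ditch wrapper: ignores `size` while writing, checks after. */
static int naive_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap; int n;
    va_start(ap, fmt);
    n = vsprintf(buf, fmt, ap);              /* unbounded write happens here */
    va_end(ap);
    return (n < 0 || (size_t)n >= size) ? -1 : n;  /* detection comes too late */
}

/* Bounded formatter: writes at most `size` bytes, always NUL-terminated. */
static int bounded_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap; int n;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);       /* returns the untruncated length */
    va_end(ap);
    return n;
}

/* Count bytes at or past `limit` that no longer hold the guard value. */
static size_t clobbered(const char *arena, size_t limit, size_t total)
{
    size_t i, hits = 0;
    for (i = limit; i < total; i++)
        if ((unsigned char)arena[i] != GUARD) hits++;
    return hits;
}

/* Format a constructed 20-character string into the 8-byte "buffer". */
static size_t run_case(int use_bounded)
{
    char arena[64];
    const char *input = "AAAAAAAAAAAAAAAAAAAA";  /* constructed sample input */
    memset(arena, GUARD, sizeof arena);
    if (use_bounded) bounded_snprintf(arena, 8, "%s", input);
    else             naive_snprintf(arena, 8, "%s", input);
    return clobbered(arena, 8, sizeof arena);
}

int main(void)
{
    printf("naive: %zu, bounded: %zu bytes written past the limit\n", run_case(0), run_case(1));
    return 0;
}
```

In a real 8-byte stack buffer those extra bytes would land on whatever follows it, which is why an abort placed after the sprintf() call cannot be relied on.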

