Potential crash bug in klogd: fscanf(f, "%s", str)

From: Ulf Härnhammar <Ulf.Harnhammar.9485@student.uu.se>
Date: Thu Jul 15 2004 - 23:43:49 CEST

Hello,

I have discovered a potential crash bug in sysklogd. The klogd daemon
doesn't handle really malformed System.map files very well. It has
two fscanf() calls with "%s" format strings that store to char
sym[512] arrays. This causes a crash if the string field in the
file is longer than that.

Despite being a buffer overflow, this is not a security problem, as
only root can change the System.map file. Nevertheless, I think it
is worth fixing, as the Right Thing for a program should be not to
assume anything about its input and to handle various problems well.

I have attached the first few lines of a System.map file that causes
this problem, as well as a patch against sysklogd-1.4.1.

// Ulf Harnhammar
   http://www.advogato.org/person/metaur/
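As an added example (not part of this message and not sysklogd's own code), here is the fscanf()/"%s" pattern described above beside a bounded rewrite. The unsafe function approximates the reported pattern with an assumed "address type symbol" format; the safe parser uses a width-limited conversion ("%511s" for a 512-byte buffer) and, rather than silently truncating, rejects a symbol that did not fit. The System.map lines it runs over are constructed for the example, including one 600-byte symbol name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define SYM_MAX   512   /* same size as the sym[512] arrays mentioned above */
#define SYM_WIDTH 511   /* leaves room for the terminating NUL */
#define STR_(x) #x
#define STR(x)  STR_(x)

enum { MAP_OK = 0, MAP_MALFORMED = -1, MAP_SYM_TOO_LONG = -2 };

/* Approximation of the reported pattern (assumed format, not klogd's code):
   "%s" carries no width, so a symbol longer than 511 bytes overruns sym[].
   Shown for contrast only; never call it on data you do not control. */
int parse_map_line_unsafe(FILE *f, unsigned long *addr, char *type)
{
    char sym[SYM_MAX];
    return fscanf(f, "%lx %c %s", addr, type, sym) == 3;
}

/* Bounded version: parse one "address type symbol" line.
   sym must point to SYM_MAX bytes. */
int parse_map_line(const char *line, unsigned long *addr, char *type, char *sym)
{
    int consumed = 0;
    /* %511s stores at most 511 bytes plus NUL; %n records how far we got */
    if (sscanf(line, "%lx %c %" STR(SYM_WIDTH) "s%n",
               addr, type, sym, &consumed) != 3)
        return MAP_MALFORMED;
    /* If the symbol was cut off, the next byte is still part of the token:
       reject the line instead of quietly using a truncated name. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return MAP_SYM_TOO_LONG;
    return MAP_OK;
}

struct map_stats { int ok, malformed, too_long; };

/* Walk a whole map held in memory, one line at a time. */
void scan_map(const char *text, struct map_stats *st)
{
    const char *p = text;
    memset(st, 0, sizeof *st);
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t n = nl ? (size_t)(nl - p) : strlen(p);
        char *line = malloc(n + 1);
        if (!line)
            return;
        memcpy(line, p, n);
        line[n] = '\0';

        unsigned long addr;
        char type;
        char sym[SYM_MAX];
        switch (parse_map_line(line, &addr, &type, sym)) {
        case MAP_OK:           st->ok++;        break;
        case MAP_SYM_TOO_LONG: st->too_long++;  break;
        default:               st->malformed++; break;
        }
        free(line);
        p = nl ? nl + 1 : p + n;
    }
}

/* Constructed System.map excerpt (not a real kernel map): three good lines,
   one malformed line, and one whose symbol is 600 bytes, i.e. longer than
   sym[512].  Caller frees the result. */
char *build_sample_map(void)
{
    const char *head = "c0100000 T _stext\n"
                       "c0100000 T startup_32\n"
                       "garbage line\n";
    const char *tail = "c0105000 T sys_call_table\n";
    char longsym[600 + 1];
    memset(longsym, 'A', 600);
    longsym[600] = '\0';

    size_t len = strlen(head) + strlen("c01000a0 t ") + 600 + 1 + strlen(tail) + 1;
    char *buf = malloc(len);
    if (!buf)
        return NULL;
    snprintf(buf, len, "%sc01000a0 t %s\n%s", head, longsym, tail);
    return buf;
}

int main(void)
{
    char *map = build_sample_map();
    struct map_stats st;
    if (!map)
        return 1;
    scan_map(map, &st);
    printf("ok=%d malformed=%d symbol-too-long=%d\n",
           st.ok, st.malformed, st.too_long);
    free(map);
    return 0;
}
```

The width is tied to the buffer size through a macro so the two cannot drift apart, and the `%n` check is what turns "truncate and carry on" into a detectable error; a symbol lookup that silently used a chopped name would be a quieter bug than the crash reported here.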
