Nice, but i have an other question, based to the comments in the code:
* The arguments are combined and sent as one write operation. Note that * IE will puke big-time if the headers are not sent in one packet and the * second packet is delayed for any reason. the only reason we need to buffer everything is because of IE whatever. Can someone confirm that this is still needed ? re, wh Am 21.11.2016 16:50, schrieb Jody Bruchon: > On 2016-11-21 09:53, Raphael de Carvalho Muniz wrote: >> We understand that the resulting program may have vulnerabilities when >> the macro "#if ENABLE_FEATURE_HTTPD_RANGES" is enabled, by the fact of >> utilization that sprintf() function. Second the CWE Project, is the >> classified by CWE-134, where the use this function that accepts a >> format string as an argument, but the format string can originate from >> an external source. >> >> Still second the CWE Project, this vulnerability can cause >> consequences related a with confidentiality, integrity and >> availability, like allow for information disclosure which can severely >> simplify exploitation of the program and the execution of arbitrary code. >> >> We'd very grateful if you could say to us if are you understand this >> how a vulnerability and if you have a motivation to correct. >> > I'm offering up this patch to fix the problem you've reported. I haven't > tested it but it should be functionally identical and close the most > obvious sprintf security holes I found on a cursory examination. Hope > this helps. > > -Jody Bruchon > > > _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
