* Andrew Makhorin <[EMAIL PROTECTED]> [2007-09-14 13:13]:

> Friday, September 14, 2007, 12:21:09 PM, you wrote:
>
> > I am a bit confused here: xvprintf is called by xprintf in
> > src/glplib05.c. The xprintf function is actually available in the
> > public API through _glp_lib_xprintf. It would then be possible to
> > write a malicious program linked against libglpk that would exploit
> > the buffer overflow vulnerability described in this bug report.
> > Please, tell me whether I am wrong or not.
> 
> _glp_lib_xprintf is *not* an API routine and, formally, not being declared
> in glpk.h, it is not available to the user.

Unfortunately, this is not the case.  The following works here with GLPK
4.21:

    $ cat test.c
    main () { _glp_lib_xprintf ("Ouch!\n"); }
    $ gcc test.c -o test -lglpk
    $ ./test
    Ouch!

Even though _glp_lib_xprintf is not declared in glpk.h, it is available in
libglpk.so and malicious programs *_can_* be written that could exploit the
vulnerability.
    
-- 
Rafael
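
An added example, not part of the original message or of GLPK: a check that lists symbols a shared library exports but its public header never declares, which is the gap the message demonstrates with _glp_lib_xprintf. The nm output and header text are constructed samples, and apart from _glp_lib_xprintf every symbol name in them is hypothetical.

```python
import re

# Constructed sample in the format of `nm -D libfoo.so` output.
# Only _glp_lib_xprintf comes from the message above; the rest is hypothetical.
NM_OUTPUT = """\
0000000000012a40 T glp_demo_solve
0000000000012b10 T glp_demo_free
0000000000031f00 T _glp_lib_xprintf
0000000000032010 t local_helper
0000000000204060 D glp_demo_data
                 U printf
"""

# Constructed stand-in for the library's public header (hypothetical content).
HEADER = """\
typedef struct glp_demo glp_demo;
int glp_demo_solve(glp_demo *p);
void glp_demo_free(glp_demo *p);
extern int glp_demo_data;
"""


def exported_symbols(nm_text):
    """Names that nm reports as defined with an uppercase (global) type letter."""
    names = set()
    for line in nm_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # undefined symbols ("U name") carry no address column
        _addr, kind, name = parts
        if kind.isupper() and kind != "U":
            names.add(name.split("@")[0])  # drop any symbol-version suffix
    return names


def undeclared_exports(nm_text, header_text):
    """Exported names that never appear as an identifier in the header.

    Heuristic: any identifier occurrence in the header counts as declared.
    """
    declared = set(re.findall(r"[A-Za-z_]\w*", header_text))
    return sorted(exported_symbols(nm_text) - declared)


if __name__ == "__main__":
    for name in undeclared_exports(NM_OUTPUT, HEADER):
        print("exported but not declared in header:", name)
```

Symbols reported this way can be kept out of the dynamic symbol table with GCC's `-fvisibility=hidden` or a linker version script.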


