* Andrew Makhorin <[EMAIL PROTECTED]> [2007-09-14 13:13]:
> Friday, September 14, 2007, 12:21:09 PM, you wrote:
>
> > I am a bit confused here: xvprintf is called by xprintf in
> > src/glplib05.c. The xprintf function is actually available in the
> > public API through _glp_lib_xprintf. It would then be possible to
> > write a malicious program linked against libglpk that would exploit
> > the buffer overflow vulnerability described in this bug report.
> > Please, tell me whether I am wrong or not.
>
> _glp_lib_xprintf is *not* api routine and formally being not declared
> in glpk.h it is not available to the user.

Unfortunately, this is not the case. The following works here with
GLPK 4.21:

$ cat test.c
main ()
{
  _glp_lib_xprintf ("Ouch!\n");
}
$ gcc test.c -o test -lglpk
$ ./test
Ouch!

Even though _glp_lib_xprintf is not declared in glpk.h, it is available
in libglpk.so and malicious programs *_can_* be written that could
exploit the vulnerability.

-- 
Rafael
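
Added example, not part of the original message or of GLPK: a small audit that lists symbols a shared library exports but its public header never mentions, which is the gap discussed above. The nm output and header text are constructed samples, and all names other than _glp_lib_xprintf are hypothetical; the header check is a heuristic (identifier match), not a C parser.

```python
import re

# Constructed sample of `nm -D` output for a shared library (not real GLPK data).
NM_OUTPUT = """\
0000000000011a40 T demo_solve
0000000000011b10 T demo_version@@DEMO_1.0
0000000000023f00 T _glp_lib_xprintf
0000000000023e20 T _demo_internal_fmt
0000000000204010 B demo_errno
0000000000024100 t local_helper
                 U vsprintf
"""

# Constructed sample of the library's public header.
HEADER = """\
/* demo.h: public API. Internal helpers such as _demo_internal_fmt
   are intentionally not declared here. */
extern int demo_errno;
int demo_solve(void *prob);
const char *demo_version(void);
"""

# nm type letters for globally visible, defined symbols (uppercase = global).
EXPORTED_TYPES = set("TDBRWV")

def exported_symbols(nm_text):
    """Return names of defined global symbols from `nm -D` style output."""
    syms = set()
    for line in nm_text.splitlines():
        parts = line.split()
        # Defined symbols have three fields: address, type, name.
        if len(parts) == 3 and parts[1] in EXPORTED_TYPES:
            syms.add(parts[2].split("@")[0])  # drop symbol-version suffix
    return syms

def declared_identifiers(header_text):
    """Return every identifier in the header, ignoring /* ... */ comments."""
    code = re.sub(r"/\*.*?\*/", "", header_text, flags=re.S)
    return set(re.findall(r"[A-Za-z_]\w*", code))

def undeclared_exports(nm_text, header_text):
    """Symbols callable by any linked program but absent from the header."""
    return sorted(exported_symbols(nm_text) - declared_identifiers(header_text))

if __name__ == "__main__":
    for name in undeclared_exports(NM_OUTPUT, HEADER):
        print("exported but not in public header:", name)
```

Any name this reports is part of the library's real attack surface regardless of the header; hiding it requires a build-side change such as compiling with -fvisibility=hidden or using a linker version script.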