Public bug reported:

Description:   zipl/libc: Fix potential buffer overflow in printf
Symptom:       Crash of the zipl boot loader during boot.
Problem:       The zipl boot loaders have their own minimalistic libc
               implementation. In it printf and sprintf use vsprintf for string
               formatting. Per definition vsprintf assumes that the buffer it
               writes to is large enough to contain the formatted string and
               performs no size checks. This is problematic for the boot
               loaders because the buffers they use are often allocated on the
               stack. Thus even small changes to the string format can
               potentially cause buffer overflows on the stack.

Solution:      Implement vsnprintf and make use of it.

Reproduction:  Use printf to print a string with >81 characters (exact number
               depends on the stack layout/compiler used).

Upstream commit(s) for s390-tools:
6fe9e6c55c69c14971dca55551009f5060418aae
8874b908254c47c8a6fd7a1aca2c7371c11035c4
f7430027b41d5ad6220e962a179c2a5213330a44
36fed0e6c6590631c4ce1707c8fe3c3397bcce4d


Problem was introduced with version 1.24. Therefore these patches need to be 
applied to all distros in service.

** Affects: s390-tools (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New


** Tags: architecture-s39064 bugnameltc-184097 severity-high 
targetmilestone-inin2004

** Tags added: architecture-s39064 bugnameltc-184097 severity-high
targetmilestone-inin2004

** Changed in: ubuntu
     Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)

** Package changed: ubuntu => linux (Ubuntu)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1865032

Title:
  [UBUNTU] zipl/libc: Fix potential buffer overflow in printf

Status in s390-tools package in Ubuntu:
  New
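
A bounded formatter in the spirit of the fix described in this report (implement vsnprintf and use it), as an added example. This is not the s390-tools code: `mini_vsnprintf`, `mini_snprintf` and the small set of supported conversions are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stddef.h>

/* Store c only while a byte stays free for the NUL; count it either way. */
static void put(char *buf, size_t size, size_t *pos, char c)
{
	if (*pos + 1 < size)
		buf[*pos] = c;
	(*pos)++;
}

/* Hypothetical bounded formatter for %s, %u, %x and %% (others are skipped).
 * Returns the length the full string needs: result >= size means truncated. */
int mini_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
	size_t pos = 0;
	for (; *fmt; fmt++) {
		if (*fmt != '%' || *++fmt == '%') {
			put(buf, size, &pos, *fmt); /* literal char or "%%" */
		} else if (*fmt == 's') {
			const char *s = va_arg(ap, const char *);
			for (s = s ? s : "(null)"; *s; s++)
				put(buf, size, &pos, *s);
		} else if (*fmt == 'u' || *fmt == 'x') {
			unsigned int v = va_arg(ap, unsigned int);
			unsigned int base = (*fmt == 'u') ? 10 : 16;
			char tmp[16]; /* digits, least significant first */
			int n = 0;
			do
				tmp[n++] = "0123456789abcdef"[v % base];
			while ((v /= base) != 0);
			while (n)
				put(buf, size, &pos, tmp[--n]);
		} else if (*fmt == '\0') {
			break; /* lone '%' ends the format */
		}
	}
	if (size)
		buf[pos < size ? pos : size - 1] = '\0';
	return (int)pos;
}

int mini_snprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	va_start(ap, fmt);
	int n = mini_vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	return n;
}
```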

