Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: f6c796102abe950821377a11f7ddd05199418365
      https://github.com/lxc/lxc/commit/f6c796102abe950821377a11f7ddd05199418365
  Author: Lans Zhang <jia.zh...@windriver.com>
  Date:   2016-10-11 (Tue, 11 Oct 2016)

  Changed paths:
    M src/lxc/log.c

  Log Message:
  -----------
  log: sanity check the returned value from snprintf()

The returned value from snprintf() should be checked carefully.

This bug can be leveraged to execute arbitrary code through carefully
constructing the payload, e.g,

lxc-freeze -n `python -c "print 'AAAAAAAA' + 'B'*959"` -P PADPAD -o /tmp/log

This command running on Ubuntu 14.04 (x86-64) can cause a segment fault.

Signed-off-by: Lans Zhang <jia.zh...@windriver.com>


  Commit: aa74ed7b961aa0e6d0b8cec0f70c21c1faec82d9
      https://github.com/lxc/lxc/commit/aa74ed7b961aa0e6d0b8cec0f70c21c1faec82d9
  Author: Christian Brauner <christian.brau...@canonical.com>
  Date:   2016-10-12 (Wed, 12 Oct 2016)

  Changed paths:
    M src/lxc/log.c

  Log Message:
  -----------
  Merge pull request #1225 from jiazhang0/master

log: sanity check the returned value from snprintf()


Compare: https://github.com/lxc/lxc/compare/b8fc6b3671fb...aa74ed7b961a
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Reply via email to