On Tue, Jan 28, 2014 at 10:54 AM, Ryan Mallon wrote:
> On 29/01/14 09:51, Kees Cook wrote:
>
>> On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon wrote:
>>> On 28/01/14 11:39, Kees Cook wrote:
If arguments are consumed without output when encountering %n, it
could be used to benefit or
On 29/01/14 09:51, Kees Cook wrote:
> On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon wrote:
>> On 28/01/14 11:39, Kees Cook wrote:
>>> If arguments are consumed without output when encountering %n, it
>>> could be used to benefit or improve information leak attacks that were
>>> exposed via a
On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon wrote:
> On 28/01/14 11:39, Kees Cook wrote:
>> If arguments are consumed without output when encountering %n, it
>> could be used to benefit or improve information leak attacks that were
>> exposed via a limited size buffer. Since %n is not used by
On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon rmal...@gmail.com wrote:
On 28/01/14 11:39, Kees Cook wrote:
If arguments are consumed without output when encountering %n, it
could be used to benefit or improve information leak attacks that were
exposed via a limited size buffer. Since %n is not
On 29/01/14 09:51, Kees Cook wrote:
On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon rmal...@gmail.com wrote:
On 28/01/14 11:39, Kees Cook wrote:
If arguments are consumed without output when encountering %n, it
could be used to benefit or improve information leak attacks that were
exposed via a
On Tue, Jan 28, 2014 at 10:54 AM, Ryan Mallon rmal...@gmail.com wrote:
On 29/01/14 09:51, Kees Cook wrote:
On Mon, Jan 27, 2014 at 5:02 PM, Ryan Mallon rmal...@gmail.com wrote:
On 28/01/14 11:39, Kees Cook wrote:
If arguments are consumed without output when encountering %n, it
could be used
On 28/01/14 11:39, Kees Cook wrote:
> If arguments are consumed without output when encountering %n, it
> could be used to benefit or improve information leak attacks that were
> exposed via a limited size buffer. Since %n is not used by the kernel,
> there is no reason to make an info leak attack
On Mon, 2014-01-27 at 16:39 -0800, Kees Cook wrote:
> diff --git a/lib/vsprintf.c b/lib/vsprintf.c
[]
> @@ -1735,14 +1735,10 @@ int vsnprintf(char *buf, size_t size, const char
> *fmt, va_list args)
> case FORMAT_TYPE_NRCHARS: {
> /*
>*
If arguments are consumed without output when encountering %n, it
could be used to benefit or improve information leak attacks that were
exposed via a limited size buffer. Since %n is not used by the kernel,
there is no reason to make an info leak attack any easier.
Signed-off-by: Kees Cook
Cc:
If arguments are consumed without output when encountering %n, it
could be used to benefit or improve information leak attacks that were
exposed via a limited size buffer. Since %n is not used by the kernel,
there is no reason to make an info leak attack any easier.
Signed-off-by: Kees Cook
On Mon, 2014-01-27 at 16:39 -0800, Kees Cook wrote:
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
[]
@@ -1735,14 +1735,10 @@ int vsnprintf(char *buf, size_t size, const char
*fmt, va_list args)
case FORMAT_TYPE_NRCHARS: {
/*
* Since
On 28/01/14 11:39, Kees Cook wrote:
If arguments are consumed without output when encountering %n, it
could be used to benefit or improve information leak attacks that were
exposed via a limited size buffer. Since %n is not used by the kernel,
there is no reason to make an info leak attack any
12 matches
Mail list logo