** Also affects: lxc (Ubuntu Precise)
   Importance: Undecided
       Status: New
** Description changed:

- Some code in liblxc calls sprintf, or doesn't check return values of
- snprintf. Find and fix those.
+ ==============================
+ SRU Justification:
+ Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
+ Stable fix: will be same as development fix
+ Development fix: Change all sprintf calls to snprintf, and check all snprintf return values
+ which can possibly overrun
+ Test case: call lxc-info with a 300 character container name?
+ Regression potential: If this code is not converted correctly, regular container
+ usage can be broken. The lxc testsuite is being run to make sure there are no
+ regressions with regular container creation and startup.
+ ==============================
+
+ Some code in liblxc calls sprintf, or doesn't check return values of snprintf. Find and fix those.

--
https://bugs.launchpad.net/bugs/988918

Title:
  buffer overflows possible in liblxc
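The checked-snprintf pattern the development fix describes, exercised with the 300-character name from the test case. This is an added example, not code from liblxc or from the bug report; the helper names, the 256-byte buffer and the /var/lib/lxc base path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 256   /* assumed fixed buffer size, for illustration only */

/*
 * Hypothetical helper (not liblxc code): build "<base>/<name>/config"
 * into dst. Returns 0 on success, -1 if snprintf failed or the result
 * did not fit; on failure dst is left as the empty string.
 */
int build_config_path(char *dst, size_t size, const char *base, const char *name)
{
    int ret;

    if (size == 0)
        return -1;
    ret = snprintf(dst, size, "%s/%s/config", base, name);
    /*
     * ret < 0: output error. ret >= size: the output was truncated.
     * snprintf returns the length it wanted to write, so a caller that
     * uses ret as an offset without this check indexes past dst.
     */
    if (ret < 0 || (size_t)ret >= size) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Length snprintf reports for the same format, whether or not it fits. */
int wanted_length(const char *base, const char *name)
{
    char buf[PATH_BUF];

    return snprintf(buf, sizeof(buf), "%s/%s/config", base, name);
}

int main(void)
{
    char path[PATH_BUF], name[301];

    memset(name, 'a', 300);   /* constructed 300-character container name */
    name[300] = '\0';
    printf("short name: %d\n",
           build_config_path(path, sizeof(path), "/var/lib/lxc", "web1"));
    printf("300 chars:  %d (snprintf wanted %d bytes, buffer holds %d)\n",
           build_config_path(path, sizeof(path), "/var/lib/lxc", name),
           wanted_length("/var/lib/lxc", name), PATH_BUF);
    return 0;
}
```

A plain sprintf with the same format and the 300-character name would write 321 bytes into the 256-byte buffer; the checked call rejects the name instead.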