[dovecot/core] c398ec: lib: printf_format_fix*() - Be over-strict in what...
GitHub
noreply at github.com
Wed Oct 18 18:00:11 EEST 2017
Branch: refs/heads/master
Home: https://github.com/dovecot/core
Commit: c398eca6b0fc6583687bd6fe2ee2dbcca2ae9387
https://github.com/dovecot/core/commit/c398eca6b0fc6583687bd6fe2ee2dbcca2ae9387
Author: Timo Sirainen <timo.sirainen at dovecot.fi>
Date: 2017-10-18 (Wed, 18 Oct 2017)
Changed paths:
M src/lib/printf-format-fix.c
M src/lib/test-printf-format-fix.c
Log Message:
-----------
lib: printf_format_fix*() - Be over-strict in what format strings are allowed
The checks could have been bypassed by some invalid format strings that were
handled differently by the printf_format_fix*() code and libc. For example
"%**%n" was passed through as ok, but glibc handled the %n in it.
Found by cPanel Security Team.
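
The log message describes a parser differential: the checker and libc disagreed about where a conversion ends, so "%**%n" passed the check while glibc still acted on the %n. As an added illustration (not Dovecot's code and not part of this commit), the C sketch below accepts a conversion only if it fits one narrow grammar and rejects everything else; the function names and the simplified grammar are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical strict validator, not Dovecot's implementation: anything
   outside one narrow grammar is rejected instead of guessed at. */
static const char *skip_number_or_star(const char *p)
{
	if (*p == '*')
		return p + 1;	/* at most one '*' per field */
	while (isdigit((unsigned char)*p))
		p++;
	return p;
}

int strict_format_ok(const char *fmt)
{
	const char *p = fmt;

	while ((p = strchr(p, '%')) != NULL) {
		p++;
		if (*p == '%') {	/* literal percent must be exactly "%%" */
			p++;
			continue;
		}
		while (*p != '\0' && strchr("-+ #0", *p) != NULL)
			p++;	/* flags */
		p = skip_number_or_star(p);	/* width */
		if (*p == '.')
			p = skip_number_or_star(p + 1);	/* precision */
		if ((p[0] == 'h' && p[1] == 'h') || (p[0] == 'l' && p[1] == 'l'))
			p += 2;	/* two-character length modifier */
		else if (*p != '\0' && strchr("hlLjzt", *p) != NULL)
			p++;	/* one-character length modifier */
		/* conversion allowlist; 'n' is deliberately absent */
		if (*p == '\0' || strchr("diouxXeEfFgGaAcsp", *p) == NULL)
			return 0;
		p++;
	}
	return 1;
}

int main(void)
{
	/* constructed sample inputs; the first is the string from the log message */
	const char *samples[] = { "%**%n", "%n", "%5.2f %s %%", "%*.*s" };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("%-12s -> %s\n", samples[i],
		       strict_format_ok(samples[i]) ? "accepted" : "rejected");
	return 0;
}
```
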