Bug 1264784 - tmux: xsnprintf hardening
tmux: xsnprintf hardening
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: tmux (Show other bugs)
22
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Sven Lankes
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1036120
  Show dependency treegraph
 
Reported: 2015-09-21 04:32 EDT by Florian Weimer
Modified: 2017-01-25 07:49 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1036161
Environment:
Last Closed: 2016-07-19 13:57:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Florian Weimer 2015-09-21 04:32:00 EDT
+++ This bug was initially created as a clone of Bug #1036161 +++

xsnprintf makes fortify protection ineffect.  It should be an inline function or a #define.

The function does not guard against negative or oversized return values, and callers assume that it always returns values in the range [0, size - 1] (see arguments.c:args_print() for an
example).

--- Additional comment from David Cantrell on 2013-12-12 17:38:20 CET ---

Can you show me a patch for what you're looking for?

--- Additional comment from Florian Weimer on 2014-06-09 13:12:40 CEST ---

(In reply to David Cantrell from comment #2)
> Can you show me a patch for what you're looking for?

An extensive explanation is available in this blog post: https://securityblog.redhat.com/2014/03/12/the-trouble-with-snprintf/
Comment 1 Fedora End Of Life 2016-07-19 13:57:59 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 2 Florian Weimer 2017-01-25 07:49:58 EST
This was fixed upstream as part of tmux 2.2, with commit
64571368dc19219fc1ef9b6c20034ee143cbed0d.

Note You need to log in before you can comment on or make changes to this bug.