Red Hat Bugzilla – Bug 435905
[feature] add fortification for vasprintf etc
Last modified: 2008-03-11 05:22:25 EDT
Whilst testing various format string exploits today, the security response team
noticed that %n in a writable format string was not being captured by
FORTIFY_SOURCE=2 as we expected. This was because the application was using
vasprintf, a function that hasn't been fortified. Jakub confirmed this is true
and there is no fortification for asprintf, __asprintf, vasprintf, dprintf,
vdprintf, obstack_printf, obstack_vprint.
Can we get vasprintf fortified in time for F9 at a minimum?
Implemented in 2.7.90-8 and above.