libpkgconf: personality: fix out of boundary access #193

Closed
stoeckmann wants to merge 1 commit from personality into master

Author: Tobias Stoeckmann
SHA1: 891cc370a6
Message: libpkgconf: personality: fix out of boundary access
It is possible to set the instruction pointer to undefined values by
using an operator larger than ':' in ASCII.

Since the personality function array does not have 256 entries, an
invalid operator can overflow the array.

Proof of concept:

$ echo "a _ b" > poc
$ ln -s $(which pkgconf) poc-pkgconf
$ ./poc-pkgconf
Date: 2020-05-24 23:13:19 +02:00
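
The bug class described in the commit message, shown as an added example that is not pkgconf's code or the patch from this pull request: a function-pointer table indexed by the operator byte, with the bounds check that rejects operators beyond the table's last entry. The names op_handler_t, op_table, lookup_op and dispatch are hypothetical, and the single ':' entry is an assumption taken from the commit message's wording.

```c
#include <stddef.h>

/* Hypothetical handler type and table; not pkgconf's actual definitions. */
typedef int (*op_handler_t)(const char *key, const char *value);

static int handle_keyword(const char *key, const char *value)
{
    (void)key; (void)value;
    return 1;
}

/* Sparse table: the highest designated index fixes its size at ':' + 1 (59 entries). */
static const op_handler_t op_table[] = {
    [':'] = handle_keyword,
};
#define OP_TABLE_LEN (sizeof(op_table) / sizeof(op_table[0]))

/* Unchecked form, the pattern the commit message describes:
 *     return op_table[(unsigned char)op](key, value);
 * Any byte above ':' (for example '_' = 0x5f) reads past the end of the
 * table, and whatever is found there is called as a function pointer. */

/* Checked lookup: NULL for out-of-range bytes and for empty slots. */
static op_handler_t lookup_op(char op)
{
    unsigned char idx = (unsigned char)op; /* a signed char must not become a negative index */

    if (idx >= OP_TABLE_LEN)
        return NULL;
    return op_table[idx]; /* NULL where no handler is registered */
}

/* Dispatch one "key <op> value" triple; -1 means the operator was rejected. */
static int dispatch(const char *key, char op, const char *value)
{
    op_handler_t fn = lookup_op(op);

    if (fn == NULL)
        return -1;
    return fn(key, value);
}

int main(void)
{
    /* Constructed input matching the shape of the proof-of-concept line "a _ b". */
    return dispatch("a", '_', "b") == -1 ? 0 : 1;
}
```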