buffer overflows possible in liblxc
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
lxc (Ubuntu) | Fix Released | High | Serge Hallyn |
Precise | Fix Released | High | Unassigned |
Bug Description
=======
SRU Justification:
Impact: callers of liblxc (like lxc-ip) can easily get buffer overruns
Stable fix: will be same as development fix
Development fix: Change all sprintf calls to snprintf, and check all snprintf return values
which can possibly overrun
Test case: call lxc-info with a 300 character container name?
Regression potential: If this code is not converted correctly, regular container
usage can be broken. The lxc testsuite was run to make sure there are no
regressions with regular container creation and startup. (see
lp:~serge-hallyn/+junk/lxc-test)
=======
Some code in liblxc calls sprintf, or doesn't check return values of snprintf. Find and fix those.
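The two defects named in the description, a formatted write whose length is never bounded and an snprintf whose return value is never checked, are shown here as an added example that is not liblxc's code. The function names, the 64-byte buffer and the path layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helpers; the path layout and names are illustrative only. */

/* Return value ignored: snprintf stays inside buf, but an over-long name is
 * silently truncated and the caller carries on with a path it did not ask for.
 * (With sprintf the same call would write past the end of buf.) */
int path_unchecked(char *buf, size_t size, const char *name)
{
    snprintf(buf, size, "/var/lib/lxc/%s/config", name);
    return 0;
}

/* Checked: ret < 0 is an output error, ret >= size means truncation. */
int path_checked(char *buf, size_t size, const char *name)
{
    int ret = snprintf(buf, size, "/var/lib/lxc/%s/config", name);
    if (ret < 0 || (size_t)ret >= size) {
        if (size > 0) buf[0] = '\0';   /* never hand back a partial path */
        return -1;
    }
    return 0;
}

/* Appending: validate before advancing the offset, so that size - *off
 * can never wrap around on a later call. */
int append_checked(char *buf, size_t size, size_t *off, const char *s)
{
    if (*off >= size)
        return -1;
    int ret = snprintf(buf + *off, size - *off, "%s", s);
    if (ret < 0 || (size_t)ret >= size - *off) {
        buf[*off] = '\0';              /* drop the partial append */
        return -1;
    }
    *off += (size_t)ret;
    return 0;
}

int main(void)
{
    char name[301], buf[64];           /* constructed input: 300-character name */
    memset(name, 'a', 300);
    name[300] = '\0';
    path_unchecked(buf, sizeof(buf), name);
    printf("unchecked: rc=0, %zu bytes kept of a 320-byte path\n", strlen(buf));
    printf("checked:   rc=%d\n", path_checked(buf, sizeof(buf), name));
    return 0;
}
```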
Changed in lxc (Ubuntu):
assignee: nobody → Serge Hallyn (serge-hallyn)
importance: Undecided → High
status: New → In Progress
description: updated
Changed in lxc (Ubuntu Precise):
importance: Undecided → High
description: updated
tags: added: verification-done removed: verification-needed
Hello Serge, or anyone else affected,
Accepted lxc into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Thank you in advance!