|
6 | 6 |
|
7 | 7 | <note> |
8 | 8 | <title>Release Date</title> |
9 | | - <simpara>2015-05-21</simpara> |
| 9 | + <simpara>2015-05-22</simpara> |
10 | 10 | </note> |
11 | 11 |
|
12 | 12 | <para> |
|
58 | 58 |
|
59 | 59 | <listitem> |
60 | 60 | <para> |
61 | | - Consistently check for failure of the <function>*printf()</> family of |
62 | | - functions (Noah Misch) |
| 61 | + Improve detection of system-call failures (Noah Misch) |
63 | 62 | </para> |
64 | 63 |
|
65 | 64 | <para> |
66 | | - Most calls of these functions did not consider the possibility that |
67 | | - the functions could fail with, eg, out-of-memory conditions. The usual |
68 | | - result would just be missing output, but crashes or exposure of |
69 | | - unintended information are also possible. To protect against such |
70 | | - risks uniformly, create wrappers around these functions that throw an |
71 | | - error on failure. Also add missing error checks to a few |
72 | | - security-relevant calls of other system functions. |
| 65 | + Our replacement implementation of <function>snprintf()</> failed to |
| 66 | + check for errors reported by the underlying system library calls; |
| 67 | + the main case that might be missed is out-of-memory situations. |
| 68 | + In the worst case this might lead to information exposure, due to our |
| 69 | + code assuming that a buffer had been overwritten when it hadn't been. |
| 70 | + Also, there were a few places in which security-relevant calls of other |
| 71 | + system library functions did not check for failure. |
| 72 | + </para> |
| 73 | + |
| 74 | + <para> |
| 75 | + It remains possible that some calls of the <function>*printf()</> |
| 76 | + family of functions are vulnerable to information disclosure if an |
| 77 | + out-of-memory error occurs at just the wrong time. We judge the risk |
| 78 | + to not be large, but will continue analysis in this area. |
73 | 79 | (CVE-2015-3166) |
74 | 80 | </para> |
75 | 81 | </listitem> |
|