-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
usage of sscanf with format %s is unsafe #4366
Comments
Hello, we're UT Austin students working on open-source contributions for a final project. Would it be fine to have this assigned to us? Thank you! |
Hi. I am on the same project team as anooprac. Should we return an error code if the length of oparg is larger than the name buffer length, or should we limit the size of the input buffer to 4095? |
When you run lxc-unshare, what username should you specify? Does it need to be mapped beforehand? |
Looking back at this, the issue really is with sscanf using So I'm wondering if this was perhaps about a prior implementation of that function and we don't actually have a problem here anymore. |
That could be. Was the purpose of the “%s” implementation to get a non-numerical username? |
if
oparg
length is bigger thanname
buffer length, it will cause buffer overflow because the width of %s is not provied.insecure code:
https://github.com/lxc/lxc/blob/9c1d70ef8b393d42fc089e89b16a3ec7d8769ff1/src/lxc/tools/lxc_unshare.c#L166C1-L166C1
maybe we should fix it like this:
The text was updated successfully, but these errors were encountered: