
Bug#741482: libc6: ptsname_r() can use uninitialized memory



Package: libc6
Version: 2.18-4

If the fd refers to a terminal device, but not a pty master, ptsname_r() passes the buffer (which would normally be uninitialized) unchanged to stat64:

$ cat test.c
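#define _GNU_SOURCE	/* ptsname_r() is a GNU extension; it needs this to be declared */
#include <stdlib.h>
int main(int argc, char **argv)
{
	/* Recognizable contents, so the path handed to stat64() shows up in strace. */
	char buffer[128] = "garbage";
	/* fd 0 is the terminal the test is run from: a tty, but not a pty master. */
	ptsname_r(0, buffer, sizeof buffer);
	return 0;
}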

$ gcc test.c -o t

$ strace -o '| grep -B2 garbage' ./t
ioctl(0, SNDCTL_TMR_TIMEBASE or SNDRV_TIMER_IOCTL_NEXT_DEVICE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(0, TIOCGPTN, [-142970892])        = -1 ENOTTY (Inappropriate ioctl for device)
stat64("garbage", 0xfffafe20)           = -1 ENOENT (No such file or directory)


-- System Information:
Debian Release: jessie/sid
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6:i386 depends on:
ii  libgcc1  1:4.9-20140303-1

Versions of packages libc6:i386 recommends:
ii  libc6-i686  2.18-4

--
Jakub Wilk
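
A caller-side guard for the behaviour reported above, as an added example that is not part of the original report or of glibc: the helper name checked_ptsname and the /dev/pts/ prefix check (Linux devpts naming) are assumptions. It zeroes the buffer before the call, so an affected libc is handed an empty path rather than stale memory, and it accepts the result only when the call succeeded and the name is well-formed.

```c
#define _GNU_SOURCE             /* ptsname_r() is a GNU extension */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Same prototype as glibc's, repeated so the file also builds when
   <stdlib.h> was already included without _GNU_SOURCE in effect. */
extern int ptsname_r(int fd, char *buf, size_t buflen);

/* Hypothetical helper: 0 and a validated name in buf on success,
   an errno value and an empty buf on any failure. */
int checked_ptsname(int fd, char *buf, size_t len)
{
	static const char prefix[] = "/dev/pts/";   /* assumption: Linux devpts */
	int err;

	if (buf == NULL || len == 0)
		return EINVAL;
	memset(buf, 0, len);            /* no stale bytes can reach stat64() */
	err = ptsname_r(fd, buf, len);
	if (err == 0 && memchr(buf, '\0', len) == NULL)
		err = ERANGE;               /* unterminated result */
	if (err == 0 && strncmp(buf, prefix, sizeof prefix - 1) != 0)
		err = ENOTTY;               /* not a pty slave name */
	if (err != 0)
		memset(buf, 0, len);        /* never expose a partial result */
	return err;
}

int main(void)
{
	char name[128];
	/* fd 0 (whatever stdin is) and a freshly opened pty master, if available */
	int fds[2] = { 0, open("/dev/ptmx", O_RDWR | O_NOCTTY) };

	for (int i = 0; i < 2; i++) {
		int err = checked_ptsname(fds[i], name, sizeof name);
		printf("fd %d: %s\n", fds[i], err ? strerror(err) : name);
	}
	return 0;
}
```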

