
libqb / CVE-2019-12779

The upstream patch patches "c->description" which is not used in
Jessie. OK, so probably not vulnerable.

Looking at data/dla-needed.txt:

  NOTE: 20190616: Upstream patch does not apply at all, but it appears that     
  NOTE: 20190616: package is still vulnerable in ipc_posix_mq.c etc. or
  NOTE: 20190616: wherever it uses c->pid w/NAME_MAX. (lamby)

OK, good point. However these files are opened with posix_mq_create,
which uses O_EXCL - my understanding is that this means these functions
are not vulnerable to symlink attacks, etc.

However lib/ipc_shm.c has calls to qb_rb_open, which doesn't have
O_EXCL, thinking this might be a vulnerability.

lib/log_blackbox.c looks similar.

qb_rb_open calls qb_sys_mmap_file_open which in turn calls
open_mmap_file which can support calling mkstemp to generate the
filename, however I think this isn't getting used (no XXXXXX in filename
string), so vulnerable still.

If you want to look at libqb probably worth double checking this in case
I got something wrong/confused :-)

Brian May <brian@linuxpenguins.xyz>
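
The O_EXCL distinction discussed in the message above, as an added example (not part of the original message and not libqb code): it plants a symlink inside a private `mkdtemp()` directory and reports whether `open()` with a given flag set follows it when creating the file. The function name `create_follows_symlink` and the file name `qb-demo-ring` are hypothetical, and the example assumes a writable `/tmp`.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if open() followed a pre-existing symlink and created its target,
 * 0 if open() refused the path, -1 on setup failure. */
int create_follows_symlink(int extra_flags)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";      /* constructed sandbox */
    char target[PATH_MAX], link_path[PATH_MAX];
    struct stat st;
    int fd, followed;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(target, sizeof(target), "%s/target", dir);
    snprintf(link_path, sizeof(link_path), "%s/qb-demo-ring", dir);

    /* Stand-in for a predictable name that already exists as a symlink. */
    if (symlink(target, link_path) != 0) {
        rmdir(dir);
        return -1;
    }

    fd = open(link_path, O_CREAT | O_RDWR | extra_flags, 0600);
    if (fd >= 0)
        close(fd);
    /* The target exists only if open() resolved the symlink. */
    followed = (fd >= 0 && stat(target, &st) == 0) ? 1 : 0;
    unlink(target);
    unlink(link_path);
    rmdir(dir);
    return followed;
}

int main(void)
{
    printf("O_CREAT only:       followed=%d\n", create_follows_symlink(0));
    printf("O_CREAT|O_EXCL:     followed=%d\n", create_follows_symlink(O_EXCL));
    printf("O_CREAT|O_NOFOLLOW: followed=%d\n", create_follows_symlink(O_NOFOLLOW));
    return 0;
}
```

With O_EXCL the call fails with EEXIST because the name already exists, and with O_NOFOLLOW it fails with ELOOP; only the plain O_CREAT case writes through the link.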
