Re: git: e17fede8ff46 - main - Fix too small sscanf output buffers in kbdmap
- In reply to: Shawn Webb : "Re: git: e17fede8ff46 - main - Fix too small sscanf output buffers in kbdmap"
Date: Sun, 06 Feb 2022 18:07:35 UTC
On 6 Feb 2022, at 16:41, Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>
> On Sun, Feb 06, 2022 at 03:26:00PM +0000, Dimitry Andric wrote:
>> The branch main has been updated by dim:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=e17fede8ff4629b5ff640ed660940b04c70da0b6
>>
>> commit e17fede8ff4629b5ff640ed660940b04c70da0b6
>> Author: Dimitry Andric <dim@FreeBSD.org>
>> AuthorDate: 2022-02-06 15:25:11 +0000
>> Commit: Dimitry Andric <dim@FreeBSD.org>
>> CommitDate: 2022-02-06 15:25:25 +0000
>>
>> Fix too small sscanf output buffers in kbdmap
>>
>> This fixes the following warnings from clang 14:
>>
>> usr.sbin/kbdmap/kbdmap.c:241:16: error: 'sscanf' may overflow; destination buffer in argument 5 has size 20, but the corresponding specifier may require size 21 [-Werror,-Wfortify-source]
>> &a, &b, buf);
>> ^
...
> Would commits like this and d310bf3867b4168e57365196c3a31797c0538097
> normally cause SAs? Off-by-one bugs are typically considered security
> bugs.

In this particular case, you could make /usr/sbin/kbdmap (or its alias /usr/sbin/vidfont) crash by deliberately corrupting /etc/rc.conf or the various INDEX.keymaps files under /usr/share. But what you would gain from this is unclear; none of these tools are setuid, and you already need to be root to edit those files.

In the case of /usr/sbin/bootparamd, you could make it crash on a deliberately corrupted /etc/bootparams file. Again, this tool is not setuid, and you can only edit the file if you are root anyway.

-Dimitry
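The clang warning in the quoted commit comes from a sscanf field width ("%20s") that needs one byte more than its 20-byte destination. The following is an added illustration, not code from the commit or from kbdmap: it sizes the buffer from the same width the format uses and also detects (rather than silently truncates) a token longer than the width. The "<int> <int> <word>" line layout, the entry_t struct and the helper names are assumptions for the example only.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed example, not the kbdmap code. A "%Ns" conversion stores up
 * to N characters plus a terminating NUL, so its destination needs N + 1
 * bytes. The clang 14 warning quoted above is exactly this case: "%20s"
 * into a 20-byte buffer writes the NUL one byte past the end, e.g.
 *
 *   char buf[20];                              // one byte too small
 *   sscanf(line, "%d %d %20s", &a, &b, buf);   // illustrative format
 */
#define NAME_WIDTH 20
#define STR_(x) #x
#define STR(x) STR_(x)

typedef struct {
    int a, b;
    char name[NAME_WIDTH + 1];   /* width + NUL, matches "%20s" below */
} entry_t;

/*
 * Parse a hypothetical "<int> <int> <word>" line (the real kbdmap layout
 * is not reproduced). Returns 0 on success, -1 if the line does not
 * match, and -2 if the word was longer than NAME_WIDTH, which sscanf
 * would otherwise truncate silently; %n records how much input was
 * consumed so that truncation can be detected.
 */
int parse_entry(const char *line, entry_t *e)
{
    int consumed = 0;
    if (sscanf(line, "%d %d %" STR(NAME_WIDTH) "s%n",
               &e->a, &e->b, e->name, &consumed) != 3)
        return -1;
    /* Next character not a separator: the word continued past the width. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed]))
        return -2;
    return 0;
}

/* Helper for checks: name length on success, otherwise the parse status. */
int parsed_name_len(const char *line)
{
    entry_t e;
    int rc = parse_entry(line, &e);
    return rc != 0 ? rc : (int)strlen(e.name);
}
```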