Date: Wed, 15 Apr 2015 10:29:16 +1000
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: Re: Problems in automatic crash analysis frameworks

On 15 April 2015 at 07:08, Tavis Ormandy <taviso@...gle.com> wrote:
>>>> import socket
>>>> socket.socket(socket.AF_UNIX, socket.SOCK_STREAM).bind('test\ntest')
>>>> sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
>>>> sock.bind('/tmp/foo\nbar')
>>>> sock.listen(1)
>
> $ grep -A1 foo /proc/net/unix
> 0000000000000000: 00000002 00000000 00010000 0001 01 4772228 /tmp/foo
> bar

This is a Linux kernel flaw/bug right? It's a machine-readable
newline-delimited /proc file, so it needs to escape newlines if
they're valid data.

Regards,
  Michael
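Added example, not part of the original message or of any project's code: a reader of /proc/net/unix that refuses to treat a line as a record unless it matches the record layout, and marks the preceding entry as suspect when a stray line follows it. The function names, the sample's header and second record, and the escaping scheme in `escape_path` are assumptions made for illustration; a reader-side check like this is only a heuristic, since the ambiguity can only be removed where the file is written.

```python
import re

# One /proc/net/unix record: Num: RefCount Protocol Flags Type St Inode [Path]
RECORD = re.compile(
    r"^[0-9A-Fa-f]+: [0-9A-Fa-f]{8} [0-9A-Fa-f]{8} [0-9A-Fa-f]{8} "
    r"[0-9A-Fa-f]{4} [0-9A-Fa-f]{2} +(\d+)(?: (.*))?$"
)

# Constructed sample: the "/tmp/foo" record and the "bar" line are the grep
# output quoted above; the header and the last record are made up here.
SAMPLE = (
    "Num       RefCount Protocol Flags    Type St Inode Path\n"
    "0000000000000000: 00000002 00000000 00010000 0001 01 4772228 /tmp/foo\n"
    "bar\n"
    "0000000000000000: 00000002 00000000 00010000 0001 01 12345 /run/example.sock\n"
)


def parse_unix_table(text):
    """Return (records, orphans); a record is tainted if stray lines follow it."""
    records, orphans = [], []
    for line in text.splitlines()[1:]:  # first line is the column header
        m = RECORD.match(line)
        if m:
            records.append(
                {"inode": int(m.group(1)), "path": m.group(2) or "", "tainted": False}
            )
        elif records:
            # Not a record: the previous path contained a raw newline.
            records[-1]["path"] += "\n" + line
            records[-1]["tainted"] = True
        else:
            orphans.append(line)  # stray line before any record
    return records, orphans


def escape_path(path):
    """Hypothetical escaping (not what the kernel does): one record, one line."""
    return path.replace("\\", "\\\\").replace("\n", "\\n")


if __name__ == "__main__":
    records, _ = parse_unix_table(SAMPLE)
    for r in records:
        flag = "SUSPECT" if r["tainted"] else "ok"
        print(flag, r["inode"], escape_path(r["path"]))
```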