Re: Perl PR: "Security holes in Sys::Syslog"

Rafael Garcia-Suarez <rgarciasuarez@mandriva.com> writes:

> 2. Moreover, this kind of vulnerability can be exploited
>    to a buffer overrun in the perl interpreter, by taking
>    advantage of an int<->unsigned int conversion bug in the
>    printf handling code

Is this the same issue I demonstrated?  Do you already have a patch
ready?

> 3. So we're going to fix our implementation of printf

--Gisle

• Perl PR: "Security holes in Sys::Syslog" by Andy Lester
• Re: Perl PR: "Security holes in Sys::Syslog" by dreamwvr
• Re: Perl PR: "Security holes in Sys::Syslog" by Dave Mitchell
• Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• [PATCH] Disable constant folding of sprintf by Gisle Aas
• Re: [PATCH] Disable constant folding of sprintf by hv
• Re: [PATCH] Disable constant folding of sprintf by Nicholas Clark
• Re: [PATCH] Disable constant folding of sprintf by Andy Lester
• Re: [PATCH] Disable constant folding of sprintf by Steve Peters
• Re: [PATCH] Disable constant folding of sprintf by Rafael Garcia-Suarez
• Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball
• RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• sprintf patches by Andy Lester
• Re: sprintf patches by Rafael Garcia-Suarez
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Brendan O'Dea
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by H.Merijn Brand
• Re: sprintf patches by Steve Peters
• Re: sprintf patches by Jason Vas Dias
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Brendan O'Dea
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Andrew Dougherty
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Steve Hay
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Steve Hay
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Andy Dougherty
• Re: sprintf patches by Dominic Dunlop
• Re: sprintf patches by Nicholas Clark
• Re: sprintf patches by Andy Dougherty
• RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• RE: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: Perl PR: "Security holes in Sys::Syslog" by Ronald J Kimball
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Dave Mitchell
• Re: Perl PR: "Security holes in Sys::Syslog" by hv
• Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark
• Re: Perl PR: "Security holes in Sys::Syslog" by hv
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Andy Lester
• Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Philippe M. Chiasson
• Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Allen Smith
• Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: [patch] Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Gisle Aas
• RE: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Nicholas Clark
• RE: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Jan Dubois
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• Re: [PATCH] Re: Perl PR: "Security holes in Sys::Syslog" by Rafael Garcia-Suarez
• [PATCH] Suppress "0b" prefix for sprintf("%#b", 0) by Gisle Aas
• Re: Perl PR: "Security holes in Sys::Syslog" by Adriano Ferreira