]> granicus.if.org Git - procps-ng/commit
projects / procps-ng / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7941bb5) | patch
proc/alloc.c: Use vfprintf(), not fprintf().
authorQualys Security Advisory <qsa@qualys.com>
Thu, 1 Jan 1970 00:00:00 +0000 (00:00 +0000)
committerCraig Small <csmall@enc.com.au>
Fri, 18 May 2018 21:32:21 +0000 (07:32 +1000)
commit98b79d1ef1695ad0332203c9e15e0c2de2d7d0e9
treed76f1b864618f82a91280ff75aad54a210709216tree | snapshot
parent7941bb512aef9b340fd8016e2030458b47ec4995commit | diff
proc/alloc.c: Use vfprintf(), not fprintf().

This can disclose information from the stack, but is unlikely to have a
security impact in the context of the procps utilities:

user@debian:~$ w 2>&1 | xxd
00000000: a03c 79b7 1420 6661 696c 6564 2074 6f20  .<y.. failed to
00000010: 616c 6c6f 6361 7465 2033 3232 3137 3439  allocate 3221749
00000020: 3738 3020 6279 7465 7320 6f66 206d 656d  780 bytes of mem
00000030: 6f72 79                                  ory
proc/alloc.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.