[Pkg-scicomp-devel] Bug#441478: [ptb at inv.it.uc3m.es: Bug#441478: libglpk0: security flaw buffer overflow in glplib05.c xvprintf]

Rafael Laboissiere rafael at debian.org
Fri Sep 14 09:33:02 UTC 2007


* Andrew Makhorin <mao at gnu.org> [2007-09-14 13:13]:

> Friday, September 14, 2007, 12:21:09 PM, you wrote:
>
> > I am a bit confused here: xvprintf is called by xprintf in
> > src/glplib05.c. The xprintf function is actually available in the
> > public API through _glp_lib_xprintf. It would then be possible to
> > write a malicious program linked against libglpk that would exploit
> > the buffer overflow vulnerability described in this bug report.
> > Please, tell me whether I am wrong or not.
> 
> _glp_lib_xprintf is *not* an API routine and, formally, not being declared
> in glpk.h, it is not available to the user.

Unfortunately, this is not the case.  The following works here with GLPK
4.21:

    $ cat test.c
    /* Prototype supplied by the caller; nothing in glpk.h declares it. */
    void _glp_lib_xprintf (const char *fmt, ...);
    int main (void) { _glp_lib_xprintf ("Ouch!\n"); return 0; }
    $ gcc test.c -o test -lglpk
    $ ./test
    Ouch!

Even though _glp_lib_xprintf is not declared in glpk.h, it is available in
libglpk.so and malicious programs *_can_* be written that could exploit the
vulnerability.
    
-- 
Rafael
