• shadowintheday2@lemmy.world
    1 year ago

    "A qsort vulnerability is due to a missing bounds check and can lead to memory corruption. It has been present in all versions of glibc since 1992."

    This one amazes me. Imagine how many vulnerabilities future researchers will discover in ancient software that persisted/persist for decades.

    • PlexSheep@feddit.de
      1 year ago

      That’s not the main part of the article, just a footnote, for anyone wondering.

      The flaw resides in the glibc’s syslog function, an attacker can exploit the flaw to gain root access through a privilege escalation.

      The vulnerability was introduced in glibc 2.37 in August 2022.

    • xlash123@sh.itjust.works
      1 year ago

      C is just crazy. You accidentally forget to put the bounds in a sorting function, and now you are root.

    • kaputt@sh.itjust.works
      1 year ago

      According to the link in the article, the qsort() bug can only be triggered with a non-transitive cmp() function. Would such a cmp function ever be useful?

      • Giooschi@lemmy.world
        1 year ago

        You don’t necessarily have to write a non-transitive cmp() function willingly; it may happen that you write one without realizing it, due to some edge cases where it’s not transitive.