Comment: moved table of obsolescent functions to MSC34-C

...

The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) server contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP uses the {{vsnprintf()}} function to write various log file strings; {{vsnprintf()}} is defined in the Open Group Base Specifications Issue 6 \[[Open Group 04|AA. References#OpenBibliography#Open Group 04]\] as well as in C99 \[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\]. For systems that do not support {{vsnprintf()}}, a C include file was created that defines the {{vsnprintf()}} function as {{vsprintf()}}, as shown in this noncompliant code example:
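The following is an added example, not code from ISC DHCP or from this page: it shows the kind of compatibility shim the text describes (kept as a comment so it cannot take effect) beside a log-formatting helper that relies on the bounded {{vsnprintf()}} and reports truncation instead of overrunning the buffer. The helper and the sample hostname are constructed for illustration.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* The compatibility shim the text describes, reproduced only as a comment:
 * it keeps every call site compiling but silently discards the size
 * argument, so each bounded write becomes an unbounded vsprintf().
 *
 *   #define vsnprintf(buf, size, fmt, ap)  vsprintf(buf, fmt, ap)
 */

/* Format a log line into a caller-supplied buffer with vsnprintf().
 * Returns true when the whole message fit and false when it was truncated;
 * the buffer is NUL-terminated in both cases. A platform without a real
 * vsnprintf() must supply one with these semantics; aliasing it to
 * vsprintf() is not a substitute. (Constructed helper, not ISC's.) */
static bool format_log_line(char *buf, size_t size, const char *fmt, ...) {
    va_list ap;
    int n;

    if (buf == NULL || size == 0) {
        return false;
    }
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0) {
        buf[0] = '\0';   /* encoding error: leave an empty, valid string */
        return false;
    }
    /* vsnprintf() returns the length the full message would have had;
     * a value >= size means it was cut to size-1 characters. */
    return (size_t)n < size;
}

/* Constructed check: a hostname longer than the log buffer is truncated
 * rather than written past the end of the array. */
static size_t demo_truncated_length(void) {
    char line[16];
    const char *hostname = "very-long-hostname-from-dhcp-client"; /* constructed */
    bool fit = format_log_line(line, sizeof line, "lease for %s", hostname);
    return fit ? 0 : strlen(line);  /* 15: size-1 characters kept */
}
```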

...

\[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.19.6.12, "The {{vsnprintf}} function"
\[[ISO/IEC PDTR 24772|AA. References#ISOBibliography#ISO/IEC PDTR 24772]\] "XYS Executing or Loading Untrusted Code"
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 684|http://cwe.mitre.org/data/definitions/684.html], "Failure to Provide Specified Functionality"
\[[Open Group 04|AA. References#OpenBibliography#Open Group 04]\] [{{vsnprintf()}}|http://www.opengroup.org/onlinepubs/009695399/functions/vsnprintf.html]
\[[Seacord 05a|AA. References#SeacordBibliography#Seacord 05]\] Chapter 6, "Formatted Output"
\[[VU#654390|AA. References#VU#654390Bibliography#VU#654390]\]

...
