Page History

The Internet Systems Consortium's (ISC) Dynamic Host Configuration Protocol (DHCP) contained a vulnerability that introduced several potential buffer overflow conditions [VU#654390]. ISC DHCP makes use of the {{vsnprintf()}} function for writing various log file strings, which is defined in in the Open Group Base Specifications Issue 6 \[[Open Group 04|AA. C References#Open Group 04]\] as well as C99 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\]. For systems that do not support {{vsnprintf()}}, a C include file was created that defines the {{vsnprintf()}} function to {{vsprintf()}}, as shown in this noncompliant code example: