[uWSGI] [SECURITY] patch for potential stack bypassing

Roberto De Ioris roberto at unbit.it
Tue Feb 6 17:22:01 UTC 2018


Hi everyone, the following patch (available for both 2.0 and 2.1) fixes
a potential security vulnerability reported yesterday:

https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe

Any modern system should not be vulnerable thanks to out-of-the-box
protections like stack canary and friends. (basically if you pass a path
bigger than PATH_MAX, uWSGI will crash or will trigger a stack corruption
exception)

Albeit using it for some kind of useful attack seems very improbable, the
new approach is way more robust than the previous one as it checks for the
path size before calling realpath() too.


-- 
Roberto De Ioris
http://unbit.com


More information about the uWSGI mailing list