Bug #2092

unsafe sprintfs mod_geoip

Added by shaun about 10 years ago. Updated over 3 years ago.


When using city databases, mod_geoip does some very broken sprintfs to buffers on the stack. For instance:

    char latitude[32];
    sprintf(&latitude, "%f", gir->latitude);

This works because latitude and &latitude point to the same address, since it's allocated on the stack. However, it throws a compiler warning, since it's passing a char** to a function that's expecting a char*.

Also, the use of unchecked sprintf for stack allocated buffers is spooky. If libgeoip ever returns something of a different size, there's a good chance for stack corruption or other bizarre problems.

Patch changes this to length-checked snprintf's using the buffer instead of the buffer's address.


unsafe_sprintf.patch (1.92 KB) shaun, 2009-10-29 21:32
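The length-checked pattern the report describes, as an added example that is not code from mod_geoip or from the attached patch. The helper names `format_coord` and `coord_len` are hypothetical, and the sample values are constructed; the example also measures how long "%f" output becomes for an extreme float value compared with the 32-byte buffer.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

#define COORD_BUF 32  /* same size as the latitude[32] buffer in the report */

/* Hypothetical helper: number of characters "%f" needs for v, excluding
 * the terminating NUL. snprintf(NULL, 0, ...) only measures (C99). */
static int coord_len(double v)
{
    return snprintf(NULL, 0, "%f", v);
}

/* Hypothetical helper: format v into buf. The caller passes the array
 * itself (char *), not its address. Returns 0 on success, -1 on an
 * output error or if the text did not fit. When len > 0, buf is
 * NUL-terminated even on truncation. */
static int format_coord(char *buf, size_t len, double v)
{
    int n = snprintf(buf, len, "%f", v);
    if (n < 0 || (size_t)n >= len)
        return -1;  /* truncated: caller should not use the value */
    return 0;
}

int main(void)
{
    char latitude[COORD_BUF];
    /* Constructed samples: an ordinary coordinate and the largest float. */
    double samples[] = { 37.774929, (double)FLT_MAX };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = format_coord(latitude, sizeof latitude, samples[i]);
        printf("need=%d rc=%d stored=\"%s\"\n",
               coord_len(samples[i]), rc, latitude);
    }
    return 0;
}
```

With an unchecked sprintf, the second sample would write past the end of the 32-byte buffer; here it is cut at 31 characters and reported as an error.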

Updated by shaun about 10 years ago

  • Status changed from New to Patch Pending

Updated by stbuehler about 10 years ago

  • Priority changed from High to Normal
  • Target version deleted (1.4.25)

Just a small reminder: mod_geoip is not upstream.


Updated by gstrauss almost 4 years ago

I uploaded a patch to which applies to mod_geoip_for_1.4.c (rename to mod_geoip.c) in order to compile mod_geoip.c cleanly under lighttpd 1.4.39. (I have not tested beyond compiling it.)

The patch also replaces sprintf() with snprintf() and fixes the compiler warnings.


Updated by gstrauss almost 4 years ago


Updated by stbuehler almost 4 years ago

  • Status changed from Patch Pending to Invalid

3rd party module.


Updated by gstrauss over 3 years ago

  • Target version set to 1.4.42

Updated by gstrauss over 3 years ago

  • Status changed from Invalid to Fixed
