bug-gnu-utils

sharutils obscure fscanf() buffer overflow


From: Ulf Härnhammar
Subject: sharutils obscure fscanf() buffer overflow
Date: Sat, 14 Aug 2004 17:31:42 +0200
User-agent: Internet Messaging Program (IMP) 3.2.1

Hello,

I have found an obscure buffer overflow in shar from the sharutils 4.2.1
package.

The shar command executes wc when creating shar archives. In the rather
unlikely scenario where there is a malicious wc command installed that
prints lots of output, a buffer overflow will occur in shar, because of a
"%s" format string in an fscanf() call in shar.c.

This is of course no serious security threat. Nevertheless, I think it
is worth fixing, as the Right Thing for a program should be not to assume
anything about its input and to handle various problems well.

I have attached a patch against sharutils-4.2.1 and an evil wc command that
exhibits this problem in shar on my machine (Debian GNU/Linux testing).

// Ulf Harnhammar
   http://www.advogato.org/person/metaur/

Attachment: wc
Description: Text document

Attachment: sharutils.patch
Description: Text document
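
The bug class described in the message, shown with a bounded read, as an added example: this is not the attached sharutils.patch and not code from shar.c. WC_FIELD, read_wc_count and parse_wc_output are hypothetical names, the buffer size is an assumption, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define WC_FIELD 32               /* assumed size; shar.c's real buffer is not shown on the page */
#define STR2(x) #x
#define STR(x) STR2(x)

/* Read the first whitespace-delimited token from fp into out.
   Returns 0 on success, -1 if there is no token, -2 if the token is too long. */
int read_wc_count(FILE *fp, char out[WC_FIELD + 1])
{
    /* Expands to "%32s": at most 32 characters plus the NUL are stored.
       A bare "%s" keeps writing until whitespace, whatever the buffer size. */
    if (fscanf(fp, "%" STR(WC_FIELD) "s", out) != 1)
        return -1;
    int c = getc(fp);             /* a non-blank next byte means truncation */
    if (c != EOF && c != ' ' && c != '\t' && c != '\n')
        return -2;
    return 0;
}

/* Stand-in for the pipe from wc: parse constructed text via a temp file; NULL if rejected. */
const char *parse_wc_output(const char *text)
{
    static char out[WC_FIELD + 1];
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    fputs(text, fp);
    rewind(fp);
    int rc = read_wc_count(fp, out);
    fclose(fp);
    return rc == 0 ? out : NULL;
}

/* Constructed hostile case: 4095 non-blank bytes where a short count is expected. */
int oversized_output_rejected(void)
{
    static char big[4096];        /* zero-initialised, so the string stays NUL-terminated */
    memset(big, 'A', sizeof big - 1);
    return parse_wc_output(big) == NULL;
}

int main(void)
{
    printf("normal: %s\n", parse_wc_output("   1234 file.txt\n"));
    printf("oversized rejected: %d\n", oversized_output_rejected());
    return 0;
}
```

The width in the conversion bounds the write; the getc() check afterwards turns silent truncation into an explicit error the caller can act on.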

