From: Joshua Rogers
Subject: Re: [Nano-devel] Vulnerability
Date: Mon, 21 Jan 2013 00:39:20 +1100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0

Okay, no problem.
I wasn't sure if it was a buffer/stack overflow or not. If I find anything else, I'll report back.

Thanks
Joshua Rogers - Retro Game Collector && IT Security Specialist

On 20/01/13 19:07, Chris Allegretta wrote:
> Yup, we definitely can't just bail out of do_justify() randomly if the user decides to resize the screen in the middle. So at least for the reproducer you specify, this should be fixed in r4565 and you are credited again as the bug finder in the ChangeLog. However this is not CVE territory as much as it's one of the many many 'nano shouldn't do that' issues.
>
> If you still see bad behavior with justify (with this or another set of conditions), please say the word. I'll put a 2.3.2pre3 up for interested testers once I put in a better fix for the wordbounds cross-compile issue discussed in an earlier thread.
>
> On Tue, Jan 15, 2013 at 10:44 PM, Joshua Rogers <address@hidden> wrote:
>> perl -e 'print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"x(500)' > nn
>> nano nn
>>
>> 500 lines is fine. Just need enough time to minimize, and maximize the terminal.
>>
>> Here's output of those commands:
>>
>> (gdb) bt
>> #0 do_justify (full_justify=false) at text.c:2064
>> #1 0x08065b12 in do_justify_void () at text.c:2357
>> #2 0x0805c578 in do_input (meta_key=0xbffff3cf, func_key=0xbffff3ce, s_or_t=0xbffff3cd, ran_func=0xbffff3cc, finished=0xbffff3cb, allow_funcs=true) at nano.c:1667
>> #3 0x0805cf8f in main (argc=2, argv=0xbffff494) at nano.c:2741
>>
>> Hope it helps.
>>
>> Joshua Rogers - Retro Game Collector && IT Security Specialist
>>
>> On 16/01/13 12:57, Chris Allegretta wrote:
>>> Hmm, still having problems getting the justify to finish let alone duplicate the crash, sigh. Not sure what's going on. The best way to provide debugging would be:
>>>
>>> CFLAGS="-g -ggdb" ./configure && make clean all
>>> gdb src/nano
>>> run nn
>>> <make it crash>
>>> bt
>>>
>>> On Mon, Jan 14, 2013 at 10:31 PM, Joshua Rogers <address@hidden> wrote:
>>>> I've got it!
>>>> Open a file in the terminal using nano.
>>>> Control J
>>>> Now, resize the terminal window.
>>>> Now then use control j again.
>>>>
>>>> Here's a demo of it: http://www.youtube.com/watch?v=q1ZTl_W8NJs&feature=youtu.be
>>>>
>>>> Thanks