nano-devel
Re: [Nano-devel] Vulnerability


From: Joshua Rogers
Subject: Re: [Nano-devel] Vulnerability
Date: Mon, 21 Jan 2013 00:39:20 +1100
User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/17.0 Thunderbird/17.0

Okay, no problem.
I wasn't sure if it was a buffer/stack overflow or not.

If I find anything else, I'll report back.


Thanks

Joshua Rogers - Retro Game Collector && IT Security Specialist
gpg pubkey

On 20/01/13 19:07, Chris Allegretta wrote:
Yup, we definitely can't just bail out of do_justify() randomly if the
user decides to resize the screen in the middle.  So at least for the
reproducer you specify, this should be fixed in r4565 and you are
credited again as the bug finder in the ChangeLog.  However this is
not CVE territory as much as it's one of the many many 'nano shouldn't
do that' issues.  If you still see bad behavior with justify (with
this or another set of conditions), please say the word.

I'll put a 2.3.2pre3 up for interested testers once I put in a better
fix for the wordbounds cross-compile issue discussed in an earlier
thread.


On Tue, Jan 15, 2013 at 10:44 PM, Joshua Rogers <address@hidden> wrote:
perl -e 'print
"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n"x(500)' >
nn

nano nn

500 lines is fine.

Just need enough time to minimize, and maximize the terminal.


Here's output of those commands:
(gdb) bt
#0  do_justify (full_justify=false) at text.c:2064
#1  0x08065b12 in do_justify_void () at text.c:2357
#2  0x0805c578 in do_input (meta_key=0xbffff3cf, func_key=0xbffff3ce,
s_or_t=0xbffff3cd, ran_func=0xbffff3cc, finished=0xbffff3cb,
allow_funcs=true) at nano.c:1667
#3  0x0805cf8f in main (argc=2, argv=0xbffff494) at nano.c:2741

Hope it helps.


Joshua Rogers - Retro Game Collector && IT Security Specialist
gpg pubkey

On 16/01/13 12:57, Chris Allegretta wrote:

Hmm, still having problems getting the justify to finish let alone
duplicate the crash, sigh.  Not sure what's going on.  The best way to
provide debugging would be:

CFLAGS="-g -ggdb" ./configure && make clean all
gdb src/nano
run nn
<make it crash>
bt


On Mon, Jan 14, 2013 at 10:31 PM, Joshua Rogers <address@hidden>
wrote:

I've got it!



Open a file in the terminal using nano.

Control J
Now, resize the terminal window.
Now then use control j again.

Here's a demo of it:
http://www.youtube.com/watch?v=q1ZTl_W8NJs&feature=youtu.be

Thanks