|Subject:||Re: Buffer overflow in the StringQuotedWord() function|
|Date:||Sat, 21 Dec 2019 11:59:47 +0000|
Is anyone still maintaining lout?
I have attached patches that fix some graph issues and that add some features.
Is there a consensus on how to fix the two overflows that you reported?
The easiest way is probably truncating the buffer and showing a warning, but that might lose text.
Other places in lout might have the same buffer limit, so allocating and passing a larger buffer would take some analysis to ensure that it wouldn't cause a buffer overflow somewhere else.
From: Lout-users <lout-users-bounces+williambader=address@hidden> on behalf of Frederic Cambus <address@hidden>
Sent: Saturday, December 21, 2019 5:27 AM
To: address@hidden <address@hidden>
Subject: Re: Buffer overflow in the StringQuotedWord() function
On Fri, Dec 20, 2019 at 07:12:14PM +0100, Frederic Cambus wrote:
> While fuzzing lout 3.40 with Honggfuzz, I found a buffer overflow in
> the StringQuotedWord() function, in z39.c.
This issue has been assigned CVE-2019-19917.
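
The truncate-and-warn option weighed in the reply above, as an added example that is not part of the original thread and is not lout's code. It assumes the function writes a quoted, escaped copy of a word into a fixed-size buffer; `quote_word_bounded`, `QBUF_SIZE` and the escaping rule (a backslash before `"` and `\`) are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed limit for the demo; lout's real buffer size is not shown in the thread. */
#define QBUF_SIZE 16

/* Hypothetical helper, not lout's StringQuotedWord(): write a quoted copy of src
 * into dst, escaping '"' and '\\'. Escaping can double the length, so the bound is
 * checked per output byte, not per input byte. Returns 1 if text was dropped. */
int quote_word_bounded(const char *src, char *dst, size_t dst_size)
{
    size_t o = 0;
    int truncated = 0;

    if (dst_size < 3) {               /* no room for the two quotes plus NUL */
        if (dst_size > 0)
            dst[0] = '\0';
        return 1;
    }
    dst[o++] = '"';
    for (; *src != '\0'; src++) {
        size_t need = (*src == '"' || *src == '\\') ? 2 : 1;
        /* always keep 2 bytes in reserve: closing quote and terminating NUL */
        if (o + need + 2 > dst_size) {
            truncated = 1;            /* stop on a whole character, never mid-escape */
            break;
        }
        if (need == 2)
            dst[o++] = '\\';
        dst[o++] = *src;
    }
    dst[o++] = '"';
    dst[o] = '\0';
    if (truncated)
        fprintf(stderr, "warning: quoted word truncated to %zu bytes\n", o);
    return truncated;
}

int main(void)
{
    char buf[QBUF_SIZE];
    const char *samples[] = { "abc", "a\"b\"c\"d\"e\"f\"g\"h" }; /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        int cut = quote_word_bounded(samples[i], buf, sizeof buf);
        printf("%-4s %s\n", cut ? "CUT" : "ok", buf);
    }
    return 0;
}
```

The second sample shows the cost raised in the reply: the output stays in bounds and well-formed, but the tail of the word is lost, which is why the return value needs to reach the caller.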