[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Buffer overflow in the StringQuotedWord() function

From: William Bader
Subject: Re: Buffer overflow in the StringQuotedWord() function
Date: Thu, 22 Oct 2020 22:55:28 +0000

The attached patch should fix both of the CVEs.
The one in StringQuotedWord was more complicated because it was due to a string longer than MAX_BUFF, and when I fixed the access there, other places had errors.
The one in srcnext needed only an extra test in a loop.
I tested the manual in doc/user before and after, and the only differences seemed to be places that embedded the current time.
Regards, William

From: Reinoud Zandijk <reinoud@13thmonkey.org>
Sent: Thursday, October 22, 2020 4:54 AM
To: William Bader <williambader@hotmail.com>
Cc: Jeffrey Kingston <jeffrey.kingston@sydney.edu.au>; Matěj Cepl <mcepl@cepl.eu>; lout-users@nongnu.org <lout-users@nongnu.org>
Subject: Re: Buffer overflow in the StringQuotedWord() function
On Wed, Oct 21, 2020 at 03:37:15AM +0000, William Bader wrote:
> I have active projects that use lout, and my diff file of small fixes and
> enhancement to lout-3.40 is now over 1300 lines.  Would it be possible to
> find a home for the 3.40 source on github or
> https://www.freedesktop.org/wiki/ so that patches can at least be posted as
> issues even if there is never another release?  Someone posted 3.39 as
> https://github.com/thektulu/lout Someone posted some data fixes as
> https://github.com/EPadronU/lout github has some other projects called lout,
> but I think that they are for Logging OUTput of web apps.  Has anyone looked
> at the memory issues?  StringQuotedWord lout-3.40/z39.c:254:66 looks easy to
> fix by checking that q < &buf[MAX_BUF-2] in the loop.  srcnext
> lout-3.40/z02.c:381:26 is more complicated. Does it have to check that limit
> > mem_block?  Regards, William

A shared repository would be handy indeed. If don't know if github is a good
idea since it can frament a lot but it needs a maintainer/shared git account
so it doesn't get lost.

Its sad to see linux distro's already dumping it.

With regards,

Attachment: lout-3.40-cve.pat
Description: lout-3.40-cve.pat

reply via email to

[Prev in Thread] Current Thread [Next in Thread]