Subject: Re: Buffer overflow in the StringQuotedWord() function
Date: Thu, 22 Oct 2020 22:55:28 +0000
The attached patch should fix both of the CVEs.
The one in StringQuotedWord was more complicated because it was due to a string longer than MAX_BUFF, and when I fixed the access there, other places had errors.
The one in srcnext needed only an extra test in a loop.
I tested the manual in doc/user before and after, and the only differences seemed to be places that embedded the current time.
From: Reinoud Zandijk <email@example.com>
Sent: Thursday, October 22, 2020 4:54 AM
To: William Bader <firstname.lastname@example.org>
Cc: Jeffrey Kingston <email@example.com>; Matěj Cepl <firstname.lastname@example.org>; email@example.com <firstname.lastname@example.org>
Subject: Re: Buffer overflow in the StringQuotedWord() function
On Wed, Oct 21, 2020 at 03:37:15AM +0000, William Bader wrote:
> I have active projects that use lout, and my diff file of small fixes and
> enhancement to lout-3.40 is now over 1300 lines. Would it be possible to
> find a home for the 3.40 source on github or
> https://www.freedesktop.org/wiki/ so that patches can at least be posted as
> issues even if there is never another release? Someone posted 3.39 as
> https://github.com/thektulu/lout Someone posted some data fixes as
> https://github.com/EPadronU/lout github has some other projects called lout,
> but I think that they are for Logging OUTput of web apps. Has anyone looked
> at the memory issues? StringQuotedWord lout-3.40/z39.c:254:66 looks easy to
> fix by checking that q < &buf[MAX_BUF-2] in the loop. srcnext
> lout-3.40/z02.c:381:26 is more complicated. Does it have to check that limit
> > mem_block? Regards, William
A shared repository would be handy indeed. I don't know if github is a good
idea since it can fragment a lot but it needs a maintainer/shared git account
so it doesn't get lost.
It's sad to see Linux distros already dumping it.
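The loop bound suggested in the thread (`q < &buf[MAX_BUF-2]`), shown as an added example that is not part of the thread and is not lout's code. The function `quote_word`, its escaping rules and the small `MAX_BUF` value are assumptions made for illustration; the sample inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_BUF 16   /* assumed, deliberately small so truncation is easy to see */

/* Hypothetical helper, not lout's StringQuotedWord(): copy src into buf
 * wrapped in double quotes, escaping '"' and '\\' with a backslash.
 * Returns 1 if the whole word fit, 0 if it was truncated. Never writes
 * past buf[buflen-1]; buf is always NUL-terminated. */
int quote_word(const char *src, char *buf, size_t buflen)
{
    char *q = buf;
    char *limit;
    const char *p;

    if (buflen < 3) {                 /* no room for "" plus the NUL */
        if (buflen > 0)
            buf[0] = '\0';
        return 0;
    }
    limit = buf + buflen - 2;         /* reserve closing quote and NUL */
    *q++ = '"';
    for (p = src; *p != '\0'; p++) {
        size_t need = (*p == '"' || *p == '\\') ? 2 : 1;
        /* For need == 1 this is exactly the q < &buf[MAX_BUF-2] test.
         * An escape pair is written whole or not at all, so truncation
         * never leaves a dangling backslash. */
        if ((size_t)(limit - q) < need)
            break;
        if (need == 2)
            *q++ = '\\';
        *q++ = *p;
    }
    *q++ = '"';
    *q = '\0';
    return *p == '\0';
}

int main(void)
{
    char out[MAX_BUF];
    /* constructed input, longer than the buffer */
    int ok = quote_word("a word much longer than MAX_BUF", out, sizeof out);
    printf("%d %s\n", ok, out);
    return 0;
}
```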