[36032] in bugtraq
Re: GNU/Linux 'info Buffer Overflow
daemon@ATHENA.MIT.EDU (Roman Werpachowski)
Sat Aug 7 12:55:02 2004
From: Roman Werpachowski <roman@student.ifpan.edu.pl>
To: bugtraq@securityfocus.com
Date: Sat, 7 Aug 2004 01:09:04 +0200
In-Reply-To: <20040806004621.25110.qmail@www.securityfocus.com>
MIME-Version: 1.0
Content-Disposition: inline
Message-Id: <200408070109.04162.roman@student.ifpan.edu.pl>
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
Dnia piątek, 6 sierpnia 2004 02:46, Josh Martin napisał:
> Package: info
> Version: 4.7-2.1
> Severity: grave
> Tags: security
> Justification: user security hole
'Severe' is to severe a word, but for anybody who's interested, here goes a
patch:
diff -urN texinfo-4.7/info/echo-area.c texinfo-4.7.patch/info/echo-area.c
--- texinfo-4.7/info/echo-area.c 2004-03-14 01:57:29.000000000 +0100
+++ texinfo-4.7.patch/info/echo-area.c 2004-08-07 01:06:49.000000000 +0200
@@ -1510,8 +1510,8 @@
text[i] = 0;
echo_area_initialize_node ();
- sprintf (&input_line[input_line_end], "%s[%s]\n",
- echo_area_is_active ? " ": "", text);
+ snprintf (&input_line[input_line_end], EA_MAX_INPUT + 1 - input_line_end,
+ "%s[%s]\n", echo_area_is_active ? " ": "", text);
free (text);
the_echo_area->point = input_line_point;
display_update_one_window (the_echo_area);
--
/* Roman Werpachowski */
Ten e-mail został sprawdzony i
zaakceptowany przez fretkę Tintin.
