Your message dated Tue, 10 Nov 2009 22:17:32 +0100
with message-id <[email protected]>
has caused the report #550978,
regarding gif2png: Command line buffer overflow
to be marked as having been forwarded to the upstream software
author(s) [email protected]
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
550978: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Hi Eric,
[please keep [email protected] on CC:]
I'm the maintainer of Gif2png's Debian package.
A Debian GNU/Linux user has reported the bug described below.
Could you please have a look at it and fix it upstream?
Thank you in advance.
Patroklos Argyroudis <[email protected]>:
> Package: gif2png
> Version: 2.5.1-3
> Severity: normal
>
>
> gif2png is prone to a command line buffer overflow since there is a
> strcpy(3) call that fails to bounds-check user-supplied data before copying
> it to a fixed size buffer. Here is a transcript:
>
> [a...@hegel /tmp]$ gif2png `python -c 'print "A"*2048'`
> Segmentation fault (core dumped)
> [a...@hegel /tmp]$ gdb -q gif2png -c core
> (no debugging symbols found)
>
> warning: Can't read pathname for load map: Input/output error.
> Reading symbols from /usr/lib/libpng12.so.0...(no debugging symbols
> found)...done.
> Loaded symbols for /usr/lib/libpng12.so.0
> Reading symbols from /lib/i686/cmov/libm.so.6...(no debugging symbols
> found)...done.
> Loaded symbols for /lib/i686/cmov/libm.so.6
> Reading symbols from /usr/lib/libz.so.1...(no debugging symbols found)...done.
> Loaded symbols for /usr/lib/libz.so.1
> Reading symbols from /lib/i686/cmov/libc.so.6...(no debugging symbols
> found)...done.
> Loaded symbols for /lib/i686/cmov/libc.so.6
> Reading symbols from /lib/ld-linux.so.2...(no debugging symbols found)...done.
> Loaded symbols for /lib/ld-linux.so.2
> (no debugging symbols found)
> Core was generated by
> `AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'.
> Program terminated with signal 11, Segmentation fault.
> #0 0xb7e6c6ed in ?? () from /lib/i686/cmov/libc.so.6
> gdb $ i r
> eax 0x41414141 0x41414141
> ecx 0xb7f5960c 0xb7f5960c
> edx 0xbfffe960 0xbfffe960
> ebx 0xb7f57ff4 0xb7f57ff4
> esp 0xbfffe384 0xbfffe384
> ebp 0xbfffe3d8 0xbfffe3d8
> esi 0xb7f3b1da 0xb7f3b1da
> edi 0xb7f3b1e4 0xb7f3b1e4
> eip 0xb7e6c6ed 0xb7e6c6ed
> eflags 0x10206 [ PF IF RF ]
> cs 0x73 0x73
> ss 0x7b 0x7b
> ds 0x7b 0x7b
> es 0x7b 0x7b
> fs 0x0 0x0
> gs 0x33 0x33
>
> The bug is located at file gif2png.c, line number 901
> (strcpy(name, argv[i])) where name is a fixed size char array. This may
> have security repercussions if gif2png is configured as a handler for
> other applications that can pass user-supplied filenames as command line
> input to gif2png (e.g. from a CGI or other).
>
> -- System Information:
> Debian Release: squeeze/sid
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.26-1-686-bigmem (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages gif2png depends on:
> ii libc6 2.9-25 GNU C Library: Shared libraries
> ii libpng12-0 1.2.39-1 PNG library - runtime
> ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
>
> Versions of packages gif2png recommends:
> ii python 2.5.4-2 An interactive high-level object-o
>
> gif2png suggests no packages.
>
> -- no debconf information
>
>
Bye,
Erik
--
www.ErikSchanze.de *********************************************
No HTML mails, please! Limit: 100 kB *
- Linux-Info-Tag in Dresden again in 2010 *
Info: http://www.linux-info-tag.de/ *
--- End Message ---
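The report above pins the crash on an unbounded strcpy(name, argv[i]) into a fixed-size char array. The following is an added illustration, not code from gif2png or from either correspondent: it reproduces the reported pattern in a stand-alone C function next to a bounds-checked replacement, and feeds the replacement the same 2048-byte run of 'A's the reporter used, constructed in memory so it runs offline. The buffer size NAME_MAX_LEN (256) is an assumption chosen for the demo; the report does not state the real size of `name` in gif2png.c.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size for the demo; the report does not give gif2png's real array size. */
#define NAME_MAX_LEN 256

/* Mirrors the reported pattern, strcpy(name, argv[i]) with no length check.
 * strcpy writes strlen(arg) + 1 bytes no matter how large `name` is, so an
 * argument of 2048 bytes overruns a 256-byte array and clobbers whatever
 * follows it (saved registers, return address, neighbouring variables). */
static void copy_name_unchecked(char name[NAME_MAX_LEN], const char *arg)
{
    strcpy(name, arg);
}

/* Hardened replacement: copy only if the argument fits, including its NUL.
 * Returns 0 on success and -1 if the argument is rejected; `name` is always
 * left NUL-terminated so callers cannot read past the buffer afterwards. */
static int copy_name_checked(char *name, size_t name_size, const char *arg)
{
    if (name_size == 0)
        return -1;
    size_t len = strlen(arg);          /* argv strings are always NUL-terminated */
    if (len >= name_size) {            /* no room for the terminating NUL */
        name[0] = '\0';
        return -1;
    }
    memcpy(name, arg, len + 1);        /* copies the NUL as well */
    return 0;
}

/* Builds a constructed argument of n bytes of 'A', like the reporter's
 * python -c 'print "A"*2048'. Caller frees the result. */
static char *make_long_arg(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

/* Runs the check over real command-line arguments, or over the constructed
 * 2048-byte argument when invoked with none. Exits non-zero on rejection,
 * which is the behaviour the unchecked strcpy lacks. */
int main(int argc, char **argv)
{
    char name[NAME_MAX_LEN];
    int rc = 0;

    if (argc == 1) {
        char *big = make_long_arg(2048);
        if (big == NULL)
            return 2;
        if (copy_name_checked(name, sizeof name, big) != 0) {
            fprintf(stderr, "rejected constructed %zu-byte argument (max %zu)\n",
                    strlen(big), sizeof name - 1);
            rc = 1;
        }
        free(big);
        return rc;
    }

    for (int i = 1; i < argc; i++) {
        if (copy_name_checked(name, sizeof name, argv[i]) != 0) {
            fprintf(stderr, "argument %d too long (%zu bytes, max %zu)\n",
                    i, strlen(argv[i]), sizeof name - 1);
            return 1;
        }
        printf("ok: %s\n", name);
    }
    return 0;
}
```

copy_name_unchecked is kept only to show the shape of the bug; it is never called with oversize input here, because doing so is undefined behaviour and is exactly what the reporter's core dump demonstrates. One caveat beyond the report: if the program later appends anything to `name` (an output extension, for instance), the limit passed to copy_name_checked must be reduced by that many bytes, otherwise the overflow just moves to the append.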