Hi!

On Sat, 2014-11-29 at 00:43:06 +1100, Joshua Rogers wrote:
> Package: dpkg
> Version: 1.17.22-1
> Tags: bug

The correct address to submit bug reports is sub...@bugs.debian.org.

> Using AddressSanitizer I have found an Out-of-Bounds(?) vulnerability in
> dpkg.
>
> The vulnerable code is in lib/dpkg/parse.c, on line 135.
>
> 133: for (fip = fieldinfos, ip = fs->fieldencountered; fip->name;
> fip++, ip++)
> 134: if (strncasecmp(fip->name, fs->fieldstart, fs->fieldlen) == 0 &&
> 135: fip->name[fs->fieldlen] == '\0')
> 136: break;

Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then
there might be an out of bounds *read* access, but I don't see how that
would be a vulnerability.

I'll fix this for 1.17.23.

Thanks,
Guillem

-- 
To UNSUBSCRIBE, email to debian-dpkg-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20141128141458.ga1...@gaara.hadrons.org
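The following is an added illustration of the lookup discussed in the thread; it is not code from the report, from dpkg, or from the 1.17.23 fix. The `fieldinfos` table is a constructed stand-in (only the `name` member matters), the `lookup_as_reported`/`lookup_safe` names are mine, and the "embedded NUL" sample is constructed to show the one way the quoted predicate can index `fip->name` past its terminator: `strncasecmp()` stops at the first NUL in either string, so a scanned field whose bytes contain a NUL exactly where `fip->name` ends compares equal even when `fs->fieldlen` is larger than `strlen(fip->name)`, and the second test then reads `fip->name[fs->fieldlen]` out of bounds. Rather than perform that read, the first function reports it; the second shows one hardened ordering (my own, not necessarily dpkg's) that checks the length before comparing.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for dpkg's fieldinfos table; only the name is needed. */
struct fieldinfo {
    const char *name;
};

static const struct fieldinfo fieldinfos[] = {
    { "Package" },
    { "Version" },
    { "Architecture" },
    { NULL },
};

/* Returned instead of performing the out-of-bounds read. */
#define OOB_READ (-2)

/*
 * The predicate quoted in the report, with the offending read replaced by a
 * report of it.  fieldstart/fieldlen are the field name as scanned from the
 * raw input buffer (not NUL-terminated; may contain any byte the file did).
 *
 * Returns the table index on a match, -1 on no match, or OOB_READ where the
 * original expression fip->name[fieldlen] would have indexed past the
 * terminating NUL of the table entry.
 */
static int lookup_as_reported(const char *fieldstart, size_t fieldlen)
{
    const struct fieldinfo *fip;

    for (fip = fieldinfos; fip->name; fip++) {
        if (strncasecmp(fip->name, fieldstart, fieldlen) != 0)
            continue;
        /* The original now evaluates fip->name[fieldlen]. */
        if (fieldlen > strlen(fip->name))
            return OOB_READ;
        if (fip->name[fieldlen] == '\0')
            return (int)(fip - fieldinfos);
    }
    return -1;
}

/*
 * Hardened form (my ordering, not necessarily what dpkg 1.17.23 does): require
 * the scanned length to equal the table name's length before comparing, so the
 * index is always within the name and an embedded NUL in the input cannot
 * shorten the comparison into a false match.
 */
static int lookup_safe(const char *fieldstart, size_t fieldlen)
{
    const struct fieldinfo *fip;

    for (fip = fieldinfos; fip->name; fip++)
        if (strlen(fip->name) == fieldlen &&
            strncasecmp(fip->name, fieldstart, fieldlen) == 0)
            return (int)(fip - fieldinfos);
    return -1;
}

int main(void)
{
    /* Constructed samples: an exact name, a prefix, a case variant, and a
     * field whose scanned bytes carry an embedded NUL right after "Package". */
    struct { const char *start; size_t len; const char *label; } samples[] = {
        { "Package",       7, "exact name" },
        { "Pack",          4, "prefix only" },
        { "PACKAGE",       7, "case variant" },
        { "Package\0XYZ", 11, "embedded NUL" },
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-13s reported=%2d safe=%2d\n", samples[i].label,
               lookup_as_reported(samples[i].start, samples[i].len),
               lookup_safe(samples[i].start, samples[i].len));
    return 0;
}
```

The first three samples behave identically in both versions; only the embedded-NUL sample separates them, which is why AddressSanitizer flags a read rather than anything a normal control file would trigger.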