Hi Jörg,

Sorry for the belated follow-up.

Jörg Frings-Fürst writes:

> Hi,
>
> the bug[1] is now a security issue[2] and has a CVE-Number[3].
>
> I need your comment about the patch.

I wrote the patch so I am not sure how qualified I am to comment on it (and I have no idea what kind of comments you're after) but here goes anyway.

Kritphong has reported[4] that the patch makes the problem he reported go away and does not obviously break saned.

I wrote the patch to take care only of the issue reported in the least intrusive way. Unfortunately, that also means the patch cannot really address the issue where it originates. It merely tries to repair the broken logic in sanei/sanei_wire.c under very specific conditions (as you can see from the initial condition in the patch). I've commented a bit more on the patch in [5].

The FIXME in the patch, as also explained in [5], is to remind folks of the fact that backends may send strings in buffers that are larger than the length of the string. In that case, w->allocated_memory would end up being larger than the amount that is actually still allocated. This may, over time, lead to unwarranted SANE_STATUS_NO_MEM return values, i.e. resource starvation, which may be a security issue in and of itself as it would provide a way to trigger a DOS for saned.

> [1]https://alioth.debian.org/tracker/index.php?func=detail&aid=315576&group_id=30186&atid=410366
> [2]https://security-tracker.debian.org/tracker/CVE-2017-6318
> [3]https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6318

[4]https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854804#59
[5]https://lists.alioth.debian.org/pipermail/sane-devel/2017-March/035066.html

Hope this helps,
--
Olaf Meeuwissen, LPIC-2
FSF Associate Member since 2004-01-27
GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13 F43E B8A4 A88A F84A 2DD9
Support Free Software https://my.fsf.org/donate
Join the Free Software Foundation https://my.fsf.org/join
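
Added illustration, not part of the message above and not code from SANE: a simplified C model of the accounting drift the FIXME paragraph describes, where a buffer is charged to the counter at its full size but credited back by string length only. All names (`model_wire`, `model_alloc`, `model_free`, `MODEL_MEM_LIMIT`) and all sizes are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MODEL_MEM_LIMIT 1024 /* constructed cap, not a SANE constant */
#define MODEL_BUF_SIZE  64   /* constructed size of the buffer the sender hands over */

/* Hypothetical stand-in for the counter the message calls w->allocated_memory. */
struct model_wire { size_t allocated_memory; };

/* Charge the full buffer size; refuse once the counter would pass the cap. */
static char *model_alloc(struct model_wire *w, size_t buf_size)
{
    char *p;
    if (w->allocated_memory + buf_size > MODEL_MEM_LIMIT)
        return NULL; /* the point where a caller would report "no memory" */
    p = calloc(1, buf_size);
    if (p != NULL)
        w->allocated_memory += buf_size;
    return p;
}

/* Release the buffer, crediting either its real size or only strlen + 1. */
static void model_free(struct model_wire *w, char *p, size_t buf_size, int exact)
{
    w->allocated_memory -= exact ? buf_size : strlen(p) + 1;
    free(p);
}

/* Repeat alloc/free of a short string; return the rounds completed before a refusal. */
int model_rounds_until_refusal(int exact, int max_rounds)
{
    struct model_wire w = { 0 };
    int i;
    for (i = 0; i < max_rounds; i++) {
        char *s = model_alloc(&w, MODEL_BUF_SIZE);
        if (s == NULL)
            break; /* nothing is held any more, yet the counter says full */
        strcpy(s, "abc"); /* 4 bytes used out of 64 */
        model_free(&w, s, MODEL_BUF_SIZE, exact);
    }
    return i;
}

int main(void)
{
    printf("strlen-based credit: %d rounds completed\n", model_rounds_until_refusal(0, 1000));
    printf("size-based credit:   %d rounds completed\n", model_rounds_until_refusal(1, 1000));
    return 0;
}
```

In this model every round leaves 60 bytes on the counter that are no longer allocated, so requests start being refused although no memory is in use; tracking the allocation size alongside the pointer keeps the counter exact.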
