Re: dpkg-deb "OutofBounds"/"global-buffer-overflow" vulnerability

2014-11-28 Thread Joshua Rogers
On 29/11/14 01:14, Guillem Jover wrote:
> Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then
> there might be an out of bounds *read* access, but I don't see how that
> would be a vulnerability. I'll fix this for 1.17.23.

I think it's just a 'by definition' vulnerability, e.g li

Re: dpkg-deb "OutofBounds"/"global-buffer-overflow" vulnerability

2014-11-28 Thread Guillem Jover
On Fri, 2014-11-28 at 15:14:58 +0100, Guillem Jover wrote:
> On Sat, 2014-11-29 at 00:43:06 +1100, Joshua Rogers wrote:
> > Package: dpkg
> > Version: 1.17.22-1
> > Tags: bug
>
> The correct address to submit bug reports is sub...@bugs.debian.org.

Just to clarify this, bug reports on the list are

Re: dpkg-deb "OutofBounds"/"global-buffer-overflow" vulnerability

2014-11-28 Thread Guillem Jover
Hi!

On Sat, 2014-11-29 at 00:43:06 +1100, Joshua Rogers wrote:
> Package: dpkg
> Version: 1.17.22-1
> Tags: bug

The correct address to submit bug reports is sub...@bugs.debian.org.

> Using AddressSanitizer I have found an Out-of-Bounds(?) vulnerability in
> dpkg.
>
> The vulnerable code is in l

dpkg-deb "OutofBounds"/"global-buffer-overflow" vulnerability

2014-11-28 Thread Joshua Rogers
Package: dpkg
Version: 1.17.22-1
Tags: bug

Hi,

Using AddressSanitizer I have found an Out-of-Bounds(?) vulnerability in dpkg.

The vulnerable code is in lib/dpkg/parse.c, on line 135.

133: for (fip = fieldinfos, ip = fs->fieldencountered; fip->name; fip++, ip++)
134:   if (strncasecmp(fip->na