Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Thread Adam D. Barratt
On Mon, 2011-01-17 at 00:48 +0100, Ansgar Burchardt wrote: > Peter Pentchev writes: > >> With the above changes, please feel free to upload (bearing in mind that > >> the deadline for inclusion in the next point release is tomorrow). > > > > Thanks! > > > > Well, since I'm not a full DD yet, and x

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Thread Ansgar Burchardt
Peter Pentchev writes: >> With the above changes, please feel free to upload (bearing in mind that >> the deadline for inclusion in the next point release is tomorrow). > > Thanks! > > Well, since I'm not a full DD yet, and xdigger doesn't fall under my DM > rights, I hereby throw myself at the me

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Thread Peter Pentchev
On Sun, Jan 16, 2011 at 07:25:01PM +, Adam D. Barratt wrote: > On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote: > > Here's the new debdiff; thanks for your time! > > Thanks for that. > > Two small things: > > +- strcat(strcpy(croom, " ROOM: "), slevel_number); > [...] > ++ snprint

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Thread Adam D. Barratt
On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote: > Here's the new debdiff; thanks for your time! Thanks for that. Two small things: +- strcat(strcpy(croom, " ROOM: "), slevel_number); [...] ++ snprintf(croom, sizeof(croom), " ROOM: %s", slevel_number); The new version has one fewer s

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Thread Peter Pentchev
On Thu, Jan 13, 2011 at 10:27:11PM +, Adam D. Barratt wrote: > On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote: > > On Wed, Jan 12, 2011 at 09:10:53PM +, Adam D. Barratt wrote: > > > This change looked a little odd: > [...] > > > + case TON_SCHRITT: > > > +- strcat(

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-13 Thread Adam D. Barratt
On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote: > On Wed, Jan 12, 2011 at 09:10:53PM +, Adam D. Barratt wrote: > > This change looked a little odd: [...] > > + case TON_SCHRITT: > > +-strcat(name, "/step.au"); > > ++snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR);
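Review bot: In the TON_SCHRITT case the replacement is not a like-for-like bounds fix: the removed `strcat(name, "/step.au")` appended to whatever `name` already held, while the added `snprintf(name, sizeof(name), "%s/step.au", XDIGGER_LIB_DIR)` overwrites `name` from the start. That preserves behaviour only if `name` always contained XDIGGER_LIB_DIR at this point, which the patch description should state. The snprintf return value is also discarded, so a result that does not fit would be silently truncated into a different path; consider comparing the return value against `sizeof(name)` and failing the sound load when it is too large. `sizeof(name)` is the buffer size only if `name` is an array in this scope rather than a pointer, which is worth confirming.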

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-13 Thread Peter Pentchev
On Wed, Jan 12, 2011 at 09:10:53PM +, Adam D. Barratt wrote: > Hi, > > On Sun, 2011-01-09 at 01:16 +0200, Peter Pentchev wrote: > > On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote: > > > Some other cases in the sound module with copying and strcating pargv/argv > > > might be wor

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-12 Thread Adam D. Barratt
Hi, On Sun, 2011-01-09 at 01:16 +0200, Peter Pentchev wrote: > On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote: > > Some other cases in the sound module with copying and strcating pargv/argv > > might be worth looking at also. I have not investigated further. Nor have I > > investiga

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-08 Thread Peter Pentchev
package xdigger tag 609096 + pending thanks On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote: > Package: xdigger > Version: 1.0.10-13 > Severity: important > Tags: security > > There is a buffer overflow in xdigger. > > xdigger_1.0.10/xdigger.c > strcpy(progname, argv[0]); > > I