Patch for pointer dereference issue:
https://gitorious.org/~jotik/sword-svn-mirrors/jotiks-sword-trunk/commit/1b8ab91ff994c8584d6c61cb7d334273732d8216

Patch for buffer overflow:
https://gitorious.org/~jotik/sword-svn-mirrors/jotiks-sword-trunk/commit/4a261b27a7bec9d9300da6c357666a3851f3d34e

There you go! Took me half an hour.

Blessings,
Jaak

On 27.06.2013 22:41, Mark Trompell wrote:
> I see. I'll try to come up with a better patch on Monday. I won't
> have time earlier.
>
> Blessings
> Mark
>
> --- Original message ---
> From: Jaak Ristioja
> Sent: 27.06.2013, 16:15
> To: sword-devel@crosswire.org
> Subject: Re: [sword-devel] installmgr (and xiphos) crashes (svn 2831)
>
> I think you only fixed pBuf not being set to NULL prematurely. But
> this:
>
> memset(possibleName, 0, 400);
>
> doesn't help. The sprintf function always writes a terminating \0
> character. The problem is not that a \0 character is not written,
> because it is written (unless a memory error occurs first). The
> problem is that if possibleNameLength > 399 then it writes the
> characters (including the terminating \0 character) past the end
> of the possibleName buffer, corrupting memory, potentially outside
> of the virtual address space of the program (usually triggering the
> OS to kill the process with a segfault or something).
>
> The memset call is not needed, but it should be checked that
> possibleNameLength < 400 (strictly "less-than"). Otherwise
>
> sprintf(possibleName, "%.*s", possibleNameLength, pBuf);
>
> is a security vulnerability. I wonder whether a CVE is required.
>
> Blessings,
> Jaak
>
> On 27.06.2013 14:45, Mark Trompell wrote:
>> Sending again with tabs instead of blanks in the first hunk
>>
>> On Thu, Jun 27, 2013 at 1:17 PM, Mark Trompell
>> <m...@foresightlinux.org> wrote:
>>> I just fixed it :). Attached patch will initialize
>>> possibleNames with 0 bytes to make sure we always have the name
>>> 0 terminated properly. And it will move the pBuf=pBufRes into
>>> the check for ifBufRes != NULL, in case no filesize is found
>>> (because of another apache is displaying it differently).
>>> Shouldn't break existing setups.
>>
>> _______________________________________________
>> sword-devel mailing list: sword-devel@crosswire.org
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
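
The length check described in the thread, as an added C example that is not part of the original messages or of the SWORD source. `possibleName`, `possibleNameLength`, `pBuf` and the size 400 come from the thread; the two helper functions and the sample input are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 400 /* size of possibleName, per the thread */

/* Bytes that the unchecked sprintf(possibleName, "%.*s", len, pBuf) would
 * write, terminating NUL included. snprintf(NULL, 0, ...) only measures,
 * so this helper (a hypothetical name) never overflows anything. */
static size_t unchecked_write_size(const char *pBuf, int possibleNameLength)
{
    int n = snprintf(NULL, 0, "%.*s", possibleNameLength, pBuf);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Checked copy (hypothetical helper): accepts only lengths strictly less
 * than the buffer size, so the NUL always fits. A negative precision is
 * rejected too, because printf treats it as "no precision" and would copy
 * the whole string. Returns 0 on success, -1 on rejection. */
static int copy_possible_name(char *dst, size_t dst_size,
                              const char *pBuf, int possibleNameLength)
{
    if (dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (possibleNameLength < 0 || (size_t)possibleNameLength >= dst_size)
        return -1;
    int n = snprintf(dst, dst_size, "%.*s", possibleNameLength, pBuf);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

int main(void)
{
    char pBuf[1024], possibleName[NAME_BUF_SIZE];
    memset(pBuf, 'A', 600); /* constructed 600-character name */
    pBuf[600] = '\0';

    int lengths[] = { 399, 400, 600 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("length %d: sprintf writes %zu bytes into %d, checked copy -> %d\n",
               lengths[i], unchecked_write_size(pBuf, lengths[i]), NAME_BUF_SIZE,
               copy_possible_name(possibleName, sizeof possibleName,
                                  pBuf, lengths[i]));
    return 0;
}
```

A length of 399 fills the buffer exactly (399 characters plus the NUL); 400 already needs 401 bytes, which is why the comparison has to be strict and why zeroing the buffer beforehand changes nothing.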