Re: out of bounds stack access in idn tool
From: Simon Josefsson
Subject: Re: out of bounds stack access in idn tool
Date: Mon, 10 Aug 2015 10:34:49 +0200
User-agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.4 (gnu/linux)

Simon Josefsson <address@hidden> writes:
> Hanno Böck <address@hidden> writes:
>
>> Hi,
>>
>> When passing the attacked file (libidn-oob-stack-read-main) to the idn
>> command line tool this will cause an out of bounds stack access. This
>> can be seen with either valgrind or by recompiling idn with address
>> sanitizer. The input consists of a random character, a newline and a
>> zero byte.
>>
>> The error happens in the function main in this code
>> if (readbuf[strlen (readbuf) - 1] == '\n')
>> readbuf[strlen (readbuf) - 1] = '\0';
>>
>> If readbuf is a zero byte string this won't work. I have attached a
>> patch how to prevent this. Not sure if this is the best way, but it
>> prevents the oob access.
>
> Thank you for the report. I believe idn should use getline instead of
> this funky fixed-buffer fgets+hacks approach. I'll try to implement it.

Hi Hanno.

I have implemented this solution now -- please see these commits:

http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commitdiff;h=570e68886c41c2e765e6218cb317d9a9a447a041
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commitdiff;h=8b6b44f1bffbdae98d8791434bf5e77da74acbb4

If you have any comments or thoughts, please let me know.

Thanks,
/Simon
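
The newline-stripping check and the getline-based reading discussed in this thread, as an added example: it is not part of the original messages and is not the libidn code from the linked commits. The names `chomp` and `line_lengths` are hypothetical, and the input is constructed to match the report (a character, a newline and a zero byte).

```c
#define _POSIX_C_SOURCE 200809L /* getline(), fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* The reported pattern indexes buf[strlen(buf) - 1]; for an empty string
 * strlen() is 0 and the index wraps around. This guarded form takes the
 * length explicitly and only indexes when at least one byte is present. */
static size_t chomp(char *buf, size_t len)
{
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    return len;
}

/* Hypothetical helper: read every line of an in-memory input with getline()
 * and record each line's length after newline stripping. The byte count
 * returned by getline() is used, so an embedded NUL cannot shorten it.
 * Returns the number of lines read, or -1 on error. */
static int line_lengths(const char *data, size_t size, size_t *out, int max)
{
    FILE *fp = fmemopen((void *)data, size, "r");
    char *line = NULL;
    size_t cap = 0;
    ssize_t n;
    int count = 0;

    if (fp == NULL)
        return -1;
    while (count < max && (n = getline(&line, &cap, fp)) >= 0)
        out[count++] = chomp(line, (size_t)n);
    free(line);
    fclose(fp);
    return count;
}

int main(void)
{
    /* Constructed input matching the report: a character, a newline, a NUL. */
    static const char input[] = { 'x', '\n', '\0' };
    size_t lens[4];
    int n = line_lengths(input, sizeof input, lens, 4);

    for (int i = 0; i < n; i++)
        printf("line %d: %zu byte(s)\n", i, lens[i]);
    return n == 2 ? 0 : 1;
}
```

The second line of the constructed input is a lone zero byte: `strlen` would report 0 for it, which is the case that triggered the out-of-bounds read, while `getline` reports 1 byte.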