From: William Bader
Subject: Re: Buffer overflow in the StringQuotedWord() function
Date: Thu, 22 Oct 2020 22:55:28 +0000
The attached patch should fix both of the CVEs.
The one in StringQuotedWord was more complicated because it was due to a string longer than MAX_BUFF, and when I fixed the access there, other places had errors.
The one in srcnext needed only an extra test in a loop.
I tested the manual in doc/user before and after, and the only differences seemed to be places that embedded the current time.
Regards, William
From: Reinoud Zandijk <reinoud@13thmonkey.org>
Sent: Thursday, October 22, 2020 4:54 AM
To: William Bader <williambader@hotmail.com>
Cc: Jeffrey Kingston <jeffrey.kingston@sydney.edu.au>; Matěj Cepl <mcepl@cepl.eu>; lout-users@nongnu.org <lout-users@nongnu.org>
Subject: Re: Buffer overflow in the StringQuotedWord() function

On Wed, Oct 21, 2020 at 03:37:15AM +0000, William Bader wrote:
> I have active projects that use lout, and my diff file of small fixes and
> enhancement to lout-3.40 is now over 1300 lines. Would it be possible to
> find a home for the 3.40 source on github or
> https://www.freedesktop.org/wiki/ so that patches can at least be posted as
> issues even if there is never another release? Someone posted 3.39 as
> https://github.com/thektulu/lout Someone posted some data fixes as
> https://github.com/EPadronU/lout github has some other projects called lout,
> but I think that they are for Logging OUTput of web apps. Has anyone looked
> at the memory issues? StringQuotedWord lout-3.40/z39.c:254:66 looks easy to
> fix by checking that q < &buf[MAX_BUF-2] in the loop. srcnext
> lout-3.40/z02.c:381:26 is more complicated. Does it have to check that limit
> > mem_block? Regards, William

A shared repository would be handy indeed. I don't know if github is a good idea since it can fragment a lot but it needs a maintainer/shared git account so it doesn't get lost. It's sad to see linux distros already dumping it.

With regards,
Reinoud
lout-3.40-cve.pat
Description: lout-3.40-cve.pat
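
The bounds check discussed in this thread (stop the copy loop while two bytes are still free for the closing quote and the terminator), shown as an added example that is not Lout's source and not taken from the attached patch. The function `quote_word`, its escaping rules and the 8-byte buffer are constructed for illustration; it generalizes the `q < &buf[MAX_BUF-2]` idea to a loop that may emit two bytes per input byte.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical quoting routine (not Lout's StringQuotedWord): wraps src in
 * double quotes and backslash-escapes '"' and '\\'.
 * Returns the length of the quoted string, or -1 if it does not fit, in
 * which case buf is left as an empty string instead of being overrun. */
int quote_word(const char *src, char *buf, size_t buflen)
{
    char *q = buf;
    char *end;

    if (buf == NULL || buflen < 3) {       /* need room for "" plus NUL */
        if (buf != NULL && buflen > 0)
            buf[0] = '\0';
        return -1;
    }
    end = buf + buflen - 2;                /* reserve closing quote + NUL */

    *q++ = '"';
    for (; *src != '\0'; src++) {
        size_t need = (*src == '"' || *src == '\\') ? 2 : 1;
        if ((size_t)(end - q) < need) {    /* would enter the reserved tail */
            buf[0] = '\0';
            return -1;
        }
        if (need == 2)
            *q++ = '\\';
        *q++ = *src;
    }
    *q++ = '"';                            /* always fits: tail was reserved */
    *q = '\0';
    return (int)(q - buf);
}

int main(void)
{
    /* Constructed inputs; 8 bytes holds at most 5 plain characters. */
    const char *samples[] = { "abcde", "abcdef", "a\"b", "abcd\\" };
    char buf[8];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = quote_word(samples[i], buf, sizeof buf);
        printf("%-8s -> %d %s\n", samples[i], n, buf);
    }
    return 0;
}
```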