List: oss-security
Subject: [oss-security] CVE request - remind 3.1.14 and earlier - buffer overflow
From: Dianne Skoll <dfs () roaringpenguin ! com>
Date: 2015-07-28 20:26:53
Message-ID: 20150728162653.2ae4a3bc () hydrogen ! roaringpenguin ! com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
Please issue a CVE number for this vulnerability:
http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html
Patch fixing the problem is below. Remind home page is at
https://www.roaringpenguin.com/products/remind
Regards,
Dianne.
================================================================================
diff --git a/src/var.c b/src/var.c
index 2d68bab..cf933c2 100644
- --- a/src/var.c
+++ b/src/var.c
@@ -757,6 +757,10 @@ static void DumpSysVar(char const *name, const SysVar *v)
if (!v && !name) return; /* Shouldn't happen... */
buffer[0]='$'; buffer[1] = 0;
+ if (name && strlen(name) > VAR_NAME_LEN) {
+ fprintf(ErrFp, "$%s: Name too long\n", name);
+ return;
+ }
if (name) strcat(buffer, name); else strcat(buffer, v->name);
fprintf(ErrFp, "%*s ", VAR_NAME_LEN+1, buffer);
if (v) {
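Review bot: the added `strlen(name) > VAR_NAME_LEN` check guards only the `name` branch of the `strcat` that follows it; the `else strcat(buffer, v->name)` path still copies with no bound and relies on every `v->name` already fitting. The declaration of `buffer` is outside this hunk, so please confirm it holds at least VAR_NAME_LEN + 2 bytes: the check admits a name of exactly VAR_NAME_LEN characters, which is appended after the leading '$' and needs room for the terminating NUL. If `buffer` is a local array, a single `snprintf(buffer, sizeof(buffer), "$%s", name ? name : v->name)` would replace both `strcat` calls and tie the bound to the buffer itself rather than to a separate constant. A one-line comment on why the limit is VAR_NAME_LEN would also help the next reader.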
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iD8DBQFVt+WRwYQuKhJvQuARAiuOAJwI3Ccvm8ZHwlsP7TrIgFogbbLVoACfQ2sC
qZigZbtWkH64FYjUtbAOTDs=
=oyu4
-----END PGP SIGNATURE-----