'[oss-security] CVE request - remind 3.1.14 and earlier - buffer overflow'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request - remind 3.1.14 and earlier - buffer overflow
From:       Dianne Skoll <dfs () roaringpenguin ! com>
Date:       2015-07-28 20:26:53
Message-ID: 20150728162653.2ae4a3bc () hydrogen ! roaringpenguin ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Please issue a CVE number for this vulnerability:

http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html

Patch fixing the problem is below.  Remind home page is at
https://www.roaringpenguin.com/products/remind

Regards,

Dianne.

================================================================================
diff --git a/src/var.c b/src/var.c
index 2d68bab..cf933c2 100644
- --- a/src/var.c
+++ b/src/var.c
@@ -757,6 +757,10 @@ static void DumpSysVar(char const *name, const SysVar *v)
     if (!v && !name) return;  /* Shouldn't happen... */
 
     buffer[0]='$'; buffer[1] = 0;
+    if (name && strlen(name) > VAR_NAME_LEN) {
+	fprintf(ErrFp, "$%s: Name too long\n", name);
+	return;
+    }
     if (name) strcat(buffer, name); else strcat(buffer, v->name);
     fprintf(ErrFp, "%*s  ", VAR_NAME_LEN+1, buffer);
     if (v) {


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iD8DBQFVt+WRwYQuKhJvQuARAiuOAJwI3Ccvm8ZHwlsP7TrIgFogbbLVoACfQ2sC
qZigZbtWkH64FYjUtbAOTDs=
=oyu4
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic