Re: sharutils obscure fscanf() buffer overflow

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sharutils obscure fscanf() buffer overflow

From:	Bruce Korb
Subject:	Re: sharutils obscure fscanf() buffer overflow
Date:	Sat, 14 Aug 2004 10:15:41 -0700

Ulf Härnhammar wrote:
> 
> Hello,
> 
> I have found an obscure buffer overflow in shar from the sharutils 4.2.1
> package.
> 
> The shar command executes wc when creating shar archives. In the rather
> unlikely scenario where there is a malicious wc command installed that
> prints lots of output, a buffer overflow will occur in shar, because of a
> "%s" format string in an fscanf() call in shar.c.
> 
> This is of course no serious security threat. Nevertheless, I think it
> is worth fixing, as the Right Thing for a program should be not to assume
> anything about its input and to handle various problems well.
> 
> I have attached a patch against sharutils-4.2.1 and an evil wc command that
> exhibits this problem in shar on my machine (Debian GNU/Linux testing).
> 
> // Ulf Harnhammar
>    http://www.advogato.org/person/metaur/

Thank you for the report.  Once all the paperwork is done, the current
release will be made more widely available and this bug will be fixed.
Actually, it's been fixed for a few years.  #-(

[Prev in Thread]

Current Thread

[Next in Thread]

sharutils obscure fscanf() buffer overflow, Ulf Härnhammar, 2004/08/14
- Re: sharutils obscure fscanf() buffer overflow, Bruce Korb <=
  - Re: sharutils obscure fscanf() buffer overflow, Bruce Korb, 2004/08/15

Prev by Date: Re: Fgrep
Next by Date: Re: sharutils obscure fscanf() buffer overflow
Previous by thread: sharutils obscure fscanf() buffer overflow
Next by thread: Re: sharutils obscure fscanf() buffer overflow
Index(es):
- Date
- Thread