Re: sharutils obscure fscanf() buffer overflow

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: sharutils obscure fscanf() buffer overflow

From:	Bruce Korb
Subject:	Re: sharutils obscure fscanf() buffer overflow
Date:	Sun, 15 Aug 2004 04:14:57 -0700

Bruce Korb wrote:
> 
> Ulf Härnhammar wrote:
> >
> > Hello,
> >
> > I have found an obscure buffer overflow in shar from the sharutils 4.2.1
> > package.
> >
> > The shar command executes wc when creating shar archives. In the rather
> > unlikely scenario where there is a malicious wc command installed that
> > prints lots of output, a buffer overflow will occur in shar, because of a
> > "%s" format string in an fscanf() call in shar.c.
> >
> > This is of course no serious security threat. Nevertheless, I think it
> > is worth fixing, as the Right Thing for a program should be not to assume
> > anything about its input and to handle various problems well.
> >
> > I have attached a patch against sharutils-4.2.1 and an evil wc command that
> > exhibits this problem in shar on my machine (Debian GNU/Linux testing).
> >
> > // Ulf Harnhammar
> >    http://www.advogato.org/person/metaur/

You were right, I was too hasty.  I read several emails about
an extrememly similar issue, all of which had been addressed in the code.
This one had not.  As soon as I am allowed to fix this, I will.
Regards, Bruce

[Prev in Thread]

Current Thread

[Next in Thread]

sharutils obscure fscanf() buffer overflow, Ulf Härnhammar, 2004/08/14
- Re: sharutils obscure fscanf() buffer overflow, Bruce Korb, 2004/08/15
  - Re: sharutils obscure fscanf() buffer overflow, Bruce Korb <=

Prev by Date: Re: sharutils obscure fscanf() buffer overflow
Next by Date: Re: grep
Previous by thread: Re: sharutils obscure fscanf() buffer overflow
Next by thread: [PATCH] cmp to accept "cmp DIR1/FILE DIR2/" etc
Index(es):
- Date
- Thread