[sword-devel] installmgr (and xiphos) crashes (svn 2831)

Mark Trompell mark at foresightlinux.org
Thu Jun 27 12:41:06 MST 2013


I see. I'll try to come up with a better patch on Monday. I won't have time earlier. 
Blessings
Mark
--- Original message ---
From: Jaak Ristioja
Sent: 27.06.2013, 16:15
To: sword-devel at crosswire.org
Subject: Re: [sword-devel] installmgr (and xiphos) crashes (svn 2831)


I think you only fixed pBuf not being set to NULL prematurely. But this:

  memset(possibleName, 0, 400);

doesn't help. The sprintf function always writes a terminating \0
character. The problem is not that a \0 character is not written,
because it is written (unless a memory error occurs first). The
problem is that if possibleNameLength > 399 then it writes the
characters (including the terminating \0 character) past the end of
the possibleName buffer, corrupting memory, potentially outside of the
virtual address space of the program (usually triggering the OS to
kill the process with a segfault or something).

The memset call is not needed, but it should be checked that
possibleNameLength < 400 (strictly "less-than"). Otherwise

  sprintf(possibleName, "%.*s", possibleNameLength, pBuf);

is a security vulnerability. I wonder whether a CVE is required.


Blessings,
Jaak

	
On 27.06.2013 14:45, Mark Trompell wrote:
> Sending again with tabs instead of blanks in the first hunk
> 
> On Thu, Jun 27, 2013 at 1:17 PM, Mark Trompell 
> <mark at foresightlinux.org> wrote:
>> I just fixed it :). Attached patch will initialize possibleNames 
>> with 0 bytes to make sure we always have the name 0 terminated 
>> properly, and it will move the pBuf=pBufRes into the check for 
>> ifBufRes != NULL, in case no filesize is found (because 
>> another Apache is displaying it differently). Shouldn't break 
>> existing setups.
> 
> 
> 
> 
> _______________________________________________ sword-devel
> mailing list: sword-devel at crosswire.org 
> http://www.crosswire.org/mailman/listinfo/sword-devel Instructions 
> to unsubscribe/change your settings at above page
> 


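The length check Jaak asks for in the message above, as an added C example that is not part of the thread or of the SWORD source. The names possibleName, pBuf, possibleNameLength and the size 400 come from the thread; NAME_BUF_SIZE, copy_name_unchecked, copy_name_checked and copied_length are hypothetical, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 400 /* size of possibleName, per the thread */

/* Pattern from the thread: nothing bounds possibleNameLength, so a value
 * above 399 makes sprintf write past the end of possibleName. */
void copy_name_unchecked(char *possibleName, const char *pBuf,
                         int possibleNameLength)
{
    sprintf(possibleName, "%.*s", possibleNameLength, pBuf);
}

/* Checked form (hypothetical helper): 0 on success, -1 if rejected.
 * printf treats a negative precision as if it were omitted, which would
 * copy the whole string, so negative lengths are rejected too. */
int copy_name_checked(char *possibleName, const char *pBuf,
                      int possibleNameLength)
{
    possibleName[0] = '\0';
    if (pBuf == NULL || possibleNameLength < 0 ||
        possibleNameLength >= NAME_BUF_SIZE)
        return -1;
    /* snprintf keeps the write bounded even if the check is later edited */
    int n = snprintf(possibleName, NAME_BUF_SIZE, "%.*s",
                     possibleNameLength, pBuf);
    return (n < 0 || n >= NAME_BUF_SIZE) ? -1 : 0;
}

/* Constructed input: 1023 'a' characters standing in for a long file name.
 * Returns the stored length, or -1 if the copy was rejected. */
int copied_length(int possibleNameLength)
{
    char input[1024], possibleName[NAME_BUF_SIZE];
    memset(input, 'a', sizeof input - 1);
    input[sizeof input - 1] = '\0';
    if (copy_name_checked(possibleName, input, possibleNameLength) != 0)
        return -1;
    return (int)strlen(possibleName);
}

int main(void)
{
    int lens[] = { 12, 399, 400, 1000, -1 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("length %d -> %d\n", lens[i], copied_length(lens[i]));
    return 0;
}
```

The unchecked function is shown only for comparison and is never called with an oversized length.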