Bug#699820: stack smashing when reading ics file
Sebastian Ramacher
sramacher at debian.org
Wed Feb 6 17:37:35 UTC 2013
Control: tags -1 + patch
On 2013-02-05 11:01:39, Sang Kil Cha wrote:
> imview has a stack smashing vulnerability when parsing the ics header @
> io/readics.cxx:320
>
> /* get the filename from the ICS file */
>
> t = temp1;
> while (*bp != delim2)
>     *t++ = *bp++;
The attached patch should fix this bug. It adds bounds checking for all
the parts that read in a way like that.
The provided file doesn't crash with the patch, but since I don't have
any ICS images, someone else should check if the patch doesn't break
anything.
Regards
--
Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 699820.patch
Type: text/x-diff
Size: 8307 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20130206/4f029406/attachment.patch>
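Added example, not part of the original message and not taken from the attached patch: a bounds-checked form of the copy-until-delimiter loop quoted above, in C. The helper name copy_field, the buffer sizes and the sample input are assumptions for illustration; besides limiting writes to the destination, it also stops at the end of the input, which the quoted loop does not check.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not from imview or the attached patch.
 * Copies bytes from *bp into dst until `delim`, writing at most
 * dstsize-1 bytes plus a terminating NUL.
 * On success returns the field length and advances *bp to the
 * delimiter. Returns -1 if the input ends before the delimiter or
 * the field does not fit; *bp is then left unchanged. */
static long copy_field(char *dst, size_t dstsize,
                       const char **bp, char delim)
{
    const char *s = *bp;
    size_t n = 0;

    if (dstsize == 0)
        return -1;
    while (s[n] != delim) {
        if (s[n] == '\0')         /* input ended before the delimiter */
            goto fail;
        if (n + 1 >= dstsize)     /* no room for this byte plus the NUL */
            goto fail;
        dst[n] = s[n];
        n++;
    }
    dst[n] = '\0';
    *bp = s + n;
    return (long)n;
fail:
    dst[0] = '\0';                /* never hand back a partial field */
    return -1;
}

/* Constructed sample: read a tab-terminated name into a fixed buffer. */
static long parse_filename(const char *line, char *out, size_t outsize)
{
    const char *bp = line;
    return copy_field(out, outsize, &bp, '\t');
}

int main(void)
{
    char name[16];
    long n = parse_filename("cells.ics\tversion", name, sizeof name);
    return (n == 9 && strcmp(name, "cells.ics") == 0) ? 0 : 1;
}
```

A caller should treat -1 as a malformed header and stop parsing rather than continue with a truncated field.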