Bug#699820: stack smashing when reading ics file

Sebastian Ramacher sramacher at debian.org
Wed Feb 6 17:37:35 UTC 2013


Control: tags -1 + patch

On 2013-02-05 11:01:39, Sang Kil Cha wrote:
> imview has stack smashing vulnerability when parsing ics header @
> io/readics.cxx:320
> 
>      /* get the filename from the ICS file */
> 
>          t = temp1;
>              while (*bp != delim2)
>                      *t++ = *bp++;

The attached patch should fix this bug. It adds bounds checking for all
the parts that read in a way like that.

The provided file doesn't crash with the patch, but since I don't have
any ICS images, someone else should check if the patch doesn't break
anything.

Regards
-- 
Sebastian Ramacher
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 699820.patch
Type: text/x-diff
Size: 8307 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20130206/4f029406/attachment.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20130206/4f029406/attachment.pgp>


More information about the debian-science-maintainers mailing list