[sane-devel] Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server

Olaf Meeuwissen paddy-hack at member.fsf.org
Mon Feb 20 12:13:12 UTC 2017

Hi Kritphong,

Kritphong Mongkhonvanit writes:

> Hi Olaf,
> On 02/19/2017 02:53 PM, Olaf Meeuwissen wrote:
>> Attached is a minimal hack/patch that *tries* to fix it.  I have only
>> checked that it compiles.  Could you take a look at whether it fixes
>> the issue and does not break saned?
> Thank you for your patch. I performed some basic tests and it seems to
> fix the issue for me. It doesn't break saned as far as I can tell.

That's good news.

@sane-devel> If some of you could review the patch[0] and do some
             testing that would be appreciated.

 [0] http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html

If someone is willing to pull saned through valgrind and post the
results to the mailing list (don't spam the Debian BTS with this,
please), that'd be appreciated as well.
# I'm a just a wee bit worried there is more amiss with saned.

Alternatively, open a tracker issue[1] and assign it to me.

 [1] https://alioth.debian.org/tracker/?func=add&group_id=30186&atid=410366

Hope this helps,
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join

More information about the sane-devel mailing list