Date:      Fri, 1 Feb 2002 17:16:12 -0600 (CST)
From:      toasty <toasty@dragondata.com>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/34540: [PATCH] fix getenv buffer overflow in ports/editors/joe
Message-ID:  <200202012316.g11NGCS01848@gw.kevinday.com>


>Number:         34540
>Category:       ports
>Synopsis:       [PATCH] fix getenv buffer overflow in ports/editors/joe
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 01 14:40:02 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     toasty
>Release:        FreeBSD 4.4-RELEASE i386
>Organization:
DragonData
>Environment:
System: FreeBSD gw.kevinday.com 4.4-RELEASE FreeBSD 4.4-RELEASE #4: Thu Jan 17 23:34:34 CST 2002 toasty@gw.kevinday.com:/usr/src/sys/compile/GW i386


>Description:

There's a buffer overflow in joe's getenv parsing of HOME, producing a
trash-the-stack style segv. Not exploitable, since joe isn't suid or a
network application or anything.

I have received two e-mails about this problem in the span of an hour, one
of which claimed to be forwarding his "advisory" to bugtraq. I'm guessing
some mailing list somewhere posted about this, but I can't find anything.

>How-To-Repeat:

bash-2.05$ export HOME=`perl -e 'print "A" x 5000'`
bash-2.05$ joe
Segmentation fault (core dumped)

>Fix:

This should be added as ports/editors/joe/files/patch-ag


--- rc.c.orig	Fri Feb  1 16:50:23 2002
+++ rc.c	Fri Feb  1 16:50:43 2002
@@ -610,7 +610,8 @@
  FILE *fd;			/* rc file */
  int line=0;			/* Line number */
  int err=0;			/* Set to 1 if there was a syntax error */
- ossep(zcpy(buf,name));
+ strlcpy(buf,name,sizeof(buf));
+ ossep(buf);
 #ifdef __MSDOS__
  fd=fopen(buf,"rt");
 #else
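Review bot: the return value of strlcpy() on the added line `strlcpy(buf,name,sizeof(buf));` is discarded, so a name that does not fit in buf is silently truncated and the fopen() that follows then tries to open a different, shortened path. Compare the return value against sizeof(buf) and bail out with an error when it is greater than or equal, rather than carrying on with the truncated name. Also, sizeof(buf) is only the right bound if buf is declared as an array in this function; the declaration is outside the hunk's context, so confirm it is not a pointer or a parameter.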
>Release-Note:
>Audit-Trail:
>Unformatted:
