Date: Fri, 1 Feb 2002 17:16:12 -0600 (CST)
From: toasty <toasty@dragondata.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: ports/34540: [PATCH] fix getenv buffer overflow in ports/editors/joe
Message-ID: <200202012316.g11NGCS01848@gw.kevinday.com>
>Number: 34540 >Category: ports >Synopsis: [PATCH] fix getenv buffer overflow in ports/editors/joe >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Feb 01 14:40:02 PST 2002 >Closed-Date: >Last-Modified: >Originator: toasty >Release: FreeBSD 4.4-RELEASE i386 >Organization: DragonData >Environment: System: FreeBSD gw.kevinday.com 4.4-RELEASE FreeBSD 4.4-RELEASE #4: Thu Jan 17 23:34:34 CST 2002 toasty@gw.kevinday.com:/usr/src/sys/compile/GW i386 >Description: There's a buffer overflow in joe's getenv parsing of HOME, producing a trash-the-stack style segv. Not exploitable, since joe isn't suid or a network application or anything. I have received two e-mails about this problem in the span of an hour, one of which claimed to be forwarding his "advisory" to bugtraq. I'm guessing some mailing list somewhere posted about this, but I can't find anything. >How-To-Repeat: bash-2.05$ export HOME=`Perl -e 'print "A" x 5000'` bash-2.05$ joe Segmentation fault (core dumped) >Fix: This should be added as ports/editors/joe/files/patch-ag --- rc.c.orig Fri Feb 1 16:50:23 2002 +++ rc.c Fri Feb 1 16:50:43 2002 @@ -610,7 +610,8 @@ FILE *fd; /* rc file */ int line=0; /* Line number */ int err=0; /* Set to 1 if there was a syntax error */ - ossep(zcpy(buf,name)); + strlcpy(buf,name,sizeof(buf)); + ossep(buf); #ifdef __MSDOS__ fd=fopen(buf,"rt"); #else >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
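Review bot: the return value of strlcpy() on the added line `strlcpy(buf,name,sizeof(buf));` is discarded, so a name longer than buf is silently truncated and the fopen(buf,...) that follows is attempted on a shortened path instead of failing. Compare the result against sizeof(buf) and return an error when it is greater than or equal, before calling ossep(buf). The declaration of buf lies outside the visible context; sizeof(buf) yields the buffer size only if buf is an array in this function and not a pointer, which is worth confirming before this goes in as patch-ag.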