Date: Thu, 30 Apr 2020 11:26:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246050] Buffer overflows in fortune's strfile, unstr and randstr Message-ID: <bug-246050-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D246050 Bug ID: 246050 Summary: Buffer overflows in fortune's strfile, unstr and randstr Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: shlomif@gmail.com Hi all! There are some bufferoverflows at https://svnweb.freebsd.org/base/head/usr.bin/fortune/strfile/strfile.c?revi= sion=3D316500&view=3Dmarkup#l299 if *argv is long enough. Here is a fix for fortune-mod: https://svnweb.mageia.org/packages/updates/7/fortune-mod/current/SOURCES/fo= rtune-mod--security-buffer-overflows-w-tests.patch?view=3Dmarkup&pathrev=3D= 1573463 When refactoring fortune-mod, which started as a fork of netbsd's fortune, = and which I adopted, I found some buffer overflows and saw they were still pres= ent in freebsd's and netbsd's fortune. openbsd appears to have fixed them, and a netbsd developer fixed their copy after I reported it on freenode's #netbsd channel. For more dicussion, and a reproducer: * https://bugs.mageia.org/show_bug.cgi?id=3D26567 * https://github.com/shlomif/fortune-mod/commits/master --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246050-227>