Date: Thu, 30 Apr 2020 11:26:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 246050] Buffer overflows in fortune's strfile, unstr and randstr Message-ID: <bug-246050-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246050 Bug ID: 246050 Summary: Buffer overflows in fortune's strfile, unstr and randstr Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: shlomif@gmail.com Hi all! There are some bufferoverflows at https://svnweb.freebsd.org/base/head/usr.bin/fortune/strfile/strfile.c?revision=316500&view=markup#l299 if *argv is long enough. Here is a fix for fortune-mod: https://svnweb.mageia.org/packages/updates/7/fortune-mod/current/SOURCES/fortune-mod--security-buffer-overflows-w-tests.patch?view=markup&pathrev=1573463 When refactoring fortune-mod, which started as a fork of netbsd's fortune, and which I adopted, I found some buffer overflows and saw they were still present in freebsd's and netbsd's fortune. openbsd appears to have fixed them, and a netbsd developer fixed their copy after I reported it on freenode's #netbsd channel. For more dicussion, and a reproducer: * https://bugs.mageia.org/show_bug.cgi?id=26567 * https://github.com/shlomif/fortune-mod/commits/master -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-246050-227>