Date: Mon, 12 Nov 2007 13:28:34 GMT
From: Lev Levinson <llevinson@mail.ru>
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/118001: sysinstall can't read some packages from INDEX. (buffer overflow).
Message-ID: <200711121328.lACDSYDE063306@www.freebsd.org>
Resent-Message-ID: <200711121330.lACDU0h3099836@freefall.freebsd.org>

>Number:         118001
>Category:       misc
>Synopsis:       sysinstall can't read some packages from INDEX. (buffer overflow).
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Nov 12 13:30:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Lev Levinson
>Release:        FreeBSD-7.0-BETA1
>Organization:
>Environment:
FreeBSD porky.dep24 7.0-BETA1 FreeBSD 7.0-BETA1 #0: Wed Nov 7 13:45:40 MSK 2007 root@porky.dep24:/usr/src/sys/i386/compile/GENERIC_NODEBUG i386
>Description:
Sysinstall reads unused fields of the INDEX file (especially "build dependencies") into a buffer: char junk[2048] (see: src/usr.sbin/sysinstall/index.c:294,310).
But today big packages (like kde) have more than 2048 chars in that field.
As a result, the buffer junk[] overflows and garbage appears in the Packages menu of sysinstall.
>How-To-Repeat:
cd /usr/ports
make fetchindex
mkdir -p /tmp/tttt/packages
egrep "^kde" INDEX-7 > /tmp/tttt/packages/INDEX
sysinstall

In its menu select: Configure --> Packages --> File System --> enter path: "/tmp/tttt"
Look at the garbage in the menu "Package Selection".
>Fix:
Increase the size of buffer junk[] at src/usr.sbin/sysinstall/index.c:294 from 2048 to 4096 (or 8192).
>Release-Note:
>Audit-Trail:
>Unformatted:
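
Added example, not part of the original report and not sysinstall's code: a length-checked field copy for '|'-separated INDEX-style lines that truncates an over-long unused field instead of writing past the scratch buffer, so later fields still parse whatever size junk[] has. The names copy_field, get_field and demo are hypothetical, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy one sep-terminated field of src into dst, writing
 * at most dstsize bytes (NUL included). Returns the start of the next field,
 * or NULL at end of line; *truncated is set when the field did not fit. */
static const char *
copy_field(char *dst, size_t dstsize, const char *src, int sep, int *truncated)
{
    const char *end = strchr(src, sep);
    size_t len = end ? (size_t)(end - src) : strlen(src);

    *truncated = (len >= dstsize);
    if (dstsize > 0) {
        size_t n = *truncated ? dstsize - 1 : len;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return end ? end + 1 : NULL;
}

/* Fetch 0-based field `want` of line into out, skipping earlier fields through
 * a deliberately tiny scratch buffer. Returns 0 ok, 1 truncated, -1 missing. */
static int
get_field(const char *line, int want, char *out, size_t outsize)
{
    char junk[16];
    int i, trunc;

    for (i = 0; i < want; i++)
        if ((line = copy_field(junk, sizeof(junk), line, '|', &trunc)) == NULL)
            return -1;
    copy_field(out, outsize, line, '|', &trunc);
    return trunc;
}

/* Constructed sample: "kde-x|" + 3000 x 'd' + "|after"; reads field 2. */
static int
demo(char *out, size_t outsize)
{
    static char line[3100];

    memcpy(line, "kde-x|", 6);
    memset(line + 6, 'd', 3000);
    memcpy(line + 3006, "|after", 7);   /* 7 bytes: includes the NUL */
    return get_field(line, 2, out, outsize);
}

int main(void) { char o[32]; printf("%d %s\n", demo(o, sizeof(o)), o); return 0; }
```

With a copy bounded like this, the size of the scratch buffer only decides how much of an unused field is kept, not whether memory past it is overwritten.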