Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 16:26:53 -0400
From: Dianne Skoll <dfs@...ringpenguin.com>
To: oss-security@...ts.openwall.com
Subject: CVE request - remind 3.1.14 and earlier - buffer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Please issue a CVE number for this vulnerability:

http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html

Patch fixing the problem is below.  Remind home page is at
https://www.roaringpenguin.com/products/remind

Regards,

Dianne.

================================================================================
diff --git a/src/var.c b/src/var.c
index 2d68bab..cf933c2 100644
- --- a/src/var.c
+++ b/src/var.c
@@ -757,6 +757,10 @@ static void DumpSysVar(char const *name, const SysVar *v)
     if (!v && !name) return;  /* Shouldn't happen... */
 
     buffer[0]='$'; buffer[1] = 0;
+    if (name && strlen(name) > VAR_NAME_LEN) {
+	fprintf(ErrFp, "$%s: Name too long\n", name);
+	return;
+    }
     if (name) strcat(buffer, name); else strcat(buffer, v->name);
     fprintf(ErrFp, "%*s  ", VAR_NAME_LEN+1, buffer);
     if (v) {


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iD8DBQFVt+WRwYQuKhJvQuARAiuOAJwI3Ccvm8ZHwlsP7TrIgFogbbLVoACfQ2sC
qZigZbtWkH64FYjUtbAOTDs=
=oyu4
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.