Message-ID: <20180223113344.GA6246@openwall.com>
Date: Fri, 23 Feb 2018 12:33:44 +0100
From: Solar Designer <solar@...nwall.com>
To: Dominik Csapak <d.csapak@...xmox.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c

Hi Dominik,

On Fri, Feb 23, 2018 at 09:20:48AM +0100, Dominik Csapak wrote:
> I do not know where you looked at our code,

In these GitHub repos, which I thought were official:

https://github.com/proxmox/vncterm
https://github.com/proxmox/spiceterm

Shortly after I sent the message, I realized I should have included
these links in it.  Ditto for other projects, so here they are:

XenServer vncterm:

https://github.com/xenserver/vncterm

Might be also out of date, since last commit is 2 years ago?  But could
also be latest.  These things don't have to be updated frequently.

For QEMU, I did:

git clone git://git.qemu.org/qemu.git

> but in our official git repositories for vncterm[1] and spiceterm[2]
> 
> those issues are already fixed (since 2017-05-05)
> 
> I changed those variables all to unsigned int, which makes those
> increments defined behavior, and the range checks are ok, because
> they cannot be negative anymore.
> (it may behave strangely, but you cannot trigger an out-of-bounds
> read/write anymore)
> also, I replaced the vt->cy += buf code paths with calls to
> vncterm_gotoxy (which as you mentioned, perform all necessary checks)
> 
> Dominik
> 
> [1]: https://git.proxmox.com/?p=vncterm.git;a=summary
> [2]: https://git.proxmox.com/?p=spiceterm.git;a=summary

Sounds great.  (I haven't looked yet.)

Sorry for the false alarm, then.  (I imagine some users would like to
know of these issues having existed and having been fixed, though.)

Thanks,

Alexander
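
The fix described in the quoted reply, as an added illustration that is not part of the original message and is not the Proxmox code: it contrasts an upper-bound-only range check on a signed cursor row with the same check on an unsigned one, plus a clamping positioning helper. The names `move_down_signed`, `move_down_unsigned`, `term_gotoxy`, `row_in_bounds`, `struct cursor` and the 24x80 screen size are hypothetical.

```c
#include <stdio.h>

#define ROWS 24u   /* assumed screen size, for illustration only */
#define COLS 80u

struct cursor { unsigned int cx, cy; };   /* hypothetical, not vncterm's struct */

/* Signed cursor with an upper-bound-only check: a negative relative move
 * passes the check and would index before the start of the cell buffer. */
static int move_down_signed(int cy, int n)
{
    cy += n;                       /* n comes from an escape-sequence parameter */
    if (cy >= (int)ROWS)
        cy = (int)ROWS - 1;
    return cy;
}

/* Same check on unsigned int: wraparound is defined, and a "negative"
 * move either lands in range or wraps high and gets clamped. */
static unsigned int move_down_unsigned(unsigned int cy, unsigned int n)
{
    cy += n;
    if (cy >= ROWS)
        cy = ROWS - 1;
    return cy;
}

/* Absolute positioning through one helper that clamps both axes. */
static struct cursor term_gotoxy(unsigned int x, unsigned int y)
{
    struct cursor c;
    c.cx = x < COLS ? x : COLS - 1;
    c.cy = y < ROWS ? y : ROWS - 1;
    return c;
}

static int row_in_bounds(int cy)
{
    return cy >= 0 && (unsigned int)cy < ROWS;
}

int main(void)
{
    int s = move_down_signed(2, -5);
    unsigned int u = move_down_unsigned(2u, (unsigned int)-5);
    printf("signed:   row %d, in bounds: %d\n", s, row_in_bounds(s));
    printf("unsigned: row %u (clamped, odd but safe)\n", u);
    printf("gotoxy:   row %u\n", term_gotoxy(200u, 4000000000u).cy);
    return 0;
}
```

The unsigned variant puts the cursor on the last row instead of above the screen, which is the "strange but in bounds" behaviour the reply mentions.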
