Re: Possible security fixes in 5.05?

[Vincent Danen <vdanen () redhat com>]

* [2011-04-07 15:17:37 -0400] Christos Zoulas wrote:

Thanks for the quick response, Christos!

> On Apr 7, 11:37am, vdanen () redhat com (Vincent Danen) wrote:
> -- Subject: Re: [oss-security] Possible security fixes in 5.05?
>
> | Looks like there are a few issues here:
> |
> | 2011-01-16  19:31  Reuben Thomas <rrt at sc3d.org>
> |      * Fix two potential buffer overruns in apprentice_list.
> |
> | https://github.com/glensc/file/commit/148f1089b5c4f5ec5d51c2f147379817cb9ac47d
>
> This is an order of evaluation issue, that could read memory over the allocated
> limit. The limit check is done after the read instead of before. The code
> has not been present in any release.

Ok, so it was added post-5.04 and corrected prior to the 5.05 release.
Thank you for clarifying.

> | 2010-09-20  15:24  Reuben Thomas <rrt at sc3d.org>
> |      * Minor security fix to softmagic.c (don't use untrusted
> |        string as printf format).
> |
> | https://github.com/glensc/file/commit/b05926f28f3cab0ef77101f89be154329dcb8dea
>
> The code is present in [5.00-5.04]. It should not be an issue because the desc
> printf formats are checked during parsing. It is mostly to silence a compiler
> warning for printf(ms->desc) -> printf("%s", ms->desc). The code does
> printf(ms->desc, argument) in a ton of other places.

Ok, great.  Thank you for the explanation.

--
Vincent Danen / Red Hat Security Response Team