oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request - remind 3.1.14 and earlier - buffer overflow

From: Dianne Skoll <dfs () roaringpenguin com>
Date: Tue, 28 Jul 2015 16:26:53 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Please issue a CVE number for this vulnerability:

http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html

Patch fixing the problem is below.  Remind home page is at
https://www.roaringpenguin.com/products/remind

Regards,

Dianne.

================================================================================
diff --git a/src/var.c b/src/var.c
index 2d68bab..cf933c2 100644
- --- a/src/var.c
+++ b/src/var.c
@@ -757,6 +757,10 @@ static void DumpSysVar(char const *name, const SysVar *v)
     if (!v && !name) return;  /* Shouldn't happen... */
 
     buffer[0]='$'; buffer[1] = 0;
+    if (name && strlen(name) > VAR_NAME_LEN) {
+       fprintf(ErrFp, "$%s: Name too long\n", name);
+       return;
+    }
     if (name) strcat(buffer, name); else strcat(buffer, v->name);
     fprintf(ErrFp, "%*s  ", VAR_NAME_LEN+1, buffer);
     if (v) {


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iD8DBQFVt+WRwYQuKhJvQuARAiuOAJwI3Ccvm8ZHwlsP7TrIgFogbbLVoACfQ2sC
qZigZbtWkH64FYjUtbAOTDs=
=oyu4
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: