oss-sec mailing list archives
CVE request - remind 3.1.14 and earlier - buffer overflow
From: Dianne Skoll <dfs () roaringpenguin com>
Date: Tue, 28 Jul 2015 16:26:53 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Please issue a CVE number for this vulnerability: http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html Patch fixing the problem is below. Remind home page is at https://www.roaringpenguin.com/products/remind Regards, Dianne. ================================================================================ diff --git a/src/var.c b/src/var.c index 2d68bab..cf933c2 100644 - --- a/src/var.c +++ b/src/var.c @@ -757,6 +757,10 @@ static void DumpSysVar(char const *name, const SysVar *v) if (!v && !name) return; /* Shouldn't happen... */ buffer[0]='$'; buffer[1] = 0; + if (name && strlen(name) > VAR_NAME_LEN) { + fprintf(ErrFp, "$%s: Name too long\n", name); + return; + } if (name) strcat(buffer, name); else strcat(buffer, v->name); fprintf(ErrFp, "%*s ", VAR_NAME_LEN+1, buffer); if (v) { -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iD8DBQFVt+WRwYQuKhJvQuARAiuOAJwI3Ccvm8ZHwlsP7TrIgFogbbLVoACfQ2sC qZigZbtWkH64FYjUtbAOTDs= =oyu4 -----END PGP SIGNATURE-----
Current thread:
- CVE request - remind 3.1.14 and earlier - buffer overflow Dianne Skoll (Jul 28)
- Re: CVE request - remind 3.1.14 and earlier - buffer overflow cve-assign (Aug 06)