oss-sec mailing list archives
Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow
From: Sebastian Pipping <sebastian () pipping org>
Date: Mon, 14 Nov 2016 19:58:01 +0100
Thanks for pointing to -u / UCI mode. I guess it does make sense to request/assign a CVE then. The initial report seems to be by Antti Karjalainen at http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html . Best, Sebastian On 14.11.2016 10:42, cve-assign () mitre org wrote:
The reference for this bug is: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134may need some other application in front (e.g. a website using gnuchess for a backend or some mobile/desktop application forwarding evil input to gnuchess with improper validation) to attack.Is it vulnerable without such an application if launched as "gnuchess -u" (UCI mode)? For example, is it taking untrusted input of 4096 characters and sending it to the ValidateMove function that is expecting 128? #define BUF_SIZE 4096 #define MAXSTR 128 if ( flags & UCI ) ... NextEngineCmd(); ... ReadFromEngine(); static char engineinputbuf[BUF_SIZE]=""; nread = read( pipefd_a2f[0], engineinputaux, BUF_SIZE ); strcat( engineinputbuf, engineinputaux ); char enginemovestr[BUF_SIZE]=""; enginemove = ValidateMove( enginemovestr );
Current thread:
- CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 13)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
- Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)
- Re: Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow Sebastian Pipping (Nov 14)
- Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow cve-assign (Nov 14)