oss-sec mailing list archives
Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6
From: mancha () mac hush com
Date: Sat, 30 Jun 2012 21:44:01 -0500
Below find a patch for the 2.6.x branch of GIMP to address a potential buffer overflow in the script-fu server (CVE-2012-2763) reported on this list by J. Sheridan (http://www.openwall.com/lists/oss-security/2012/05/31/1) --mancha ====================== Fix for CVE-2012-2763 for GIMP 2.6.x by mancha. Based on commit 76155d79df8d497. Thanks to muks, Kevin, and Ankh for identifying the relevant code change. Ref: Fixed potential buffer overflow in readstr_upto(). ---------- --- a/plug-ins/script-fu/tinyscheme/scheme.c 2012-06-30 +++ b/plug-ins/script-fu/tinyscheme/scheme.c 2012-06-30 @@ -1727,7 +1727,8 @@ static char *readstr_upto(scheme *sc, ch c = inchar(sc); len = g_unichar_to_utf8(c, p); p += len; - } while (c && !is_one_of(delim, c)); + } while ((p - sc->strbuff < sizeof(sc->strbuff)) && + (c && !is_one_of(delim, c))); if(p==sc->strbuff+2 && c_prev=='\\') *p = '\0';
Current thread:
- Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6 mancha (Jul 01)