oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Heap buffer overflow in fgetwln function of libbsd

From: Hanno Böck <hanno () hboeck de>
Date: Wed, 27 Jan 2016 22:03:26 +0100
https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html

libbsd is a library to provide common functions from BSD systems on
Linux.

libbsd 0.8.1 and earlier contains a buffer overflow in the function
fgetwln(). An if checks if it is necessary to reallocate memory in the
target buffer. However this check is off by one, therefore an out of
bounds write happens.

Upstream has released version 0.8.2 to fix this.

I have checked where this function gets used. I didn't find any code
using it, so I assume the impact is limited.

This bug was found with the help of Address Sanitizer.

https://bugs.freedesktop.org/show_bug.cgi?id=93881
http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42

Attachment: _bin
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: