oss-sec mailing list archives
Re: paps: heap overflow when processing crafted file
From: cve-assign () mitre org
Date: Fri, 29 Jul 2016 16:43:37 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> The bug comes from the fuzzer, which did not pass an empty file. Later, I
> discovered that an empty file has the same behaviour as the crafted one.
> In other words:
> - The same crash happens for the empty and the crafted file.
> - The patch covers both cases (when the file is empty and when it contains
>   random data).
Right, the file does not need to be empty (file length of zero), but
inbuf->len needs to end up being zero, which means that the g_iconv calls
produce zero output bytes for every line of the input file. After the buffer
under-read, if there isn't a crash, the return value of read_file can be the
empty string, which wasn't intended to be a possible return value. However,
we haven't seen information indicating that this causes a security problem
in later code.

This is a command-line program, and the available information is that there
is sometimes a non-exploitable crash when operating on an invalid file. For
now, we are categorizing this as an inconvenience to the user, not a
vulnerability: there is no CVE ID.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXm79CAAoJEHb/MwWLVhi2N+UP+wePxHygX5ysWdiPbuqKjS8h
whEFNT7IOmFKBcZOEF1DGZs8Avwet2qbeFOvEU3HymEQEzyepLCn4vP5iPQHzqiT
ZFHD/cH/mKdr4IBwvFY6ipItanLSPd7kwXriFxwGJwwOzTWqT/2JwOxt4zUDL1xK
lFjRI2tpqPMkDFRRwogaculT/vx3c72K5tj0CgJHyXAkz+xJL4ZfKVTVnEyybJsf
1ihnu2uXQUUy9cwMb15X/a/3Zp9SwaSPmOq7U12aZMxYE1HdirFYhbfIbhQvhpvi
DZyLvu/h6T0z465Yguq+ru7Q9eArWEu3JDjr4H2uIjWnOIlcc5tifidnz+nYWS3S
8yfZnvLUf3gziwKYBPJTz+SyyEK0fba3zq+aifNpjU82jHsFSQ5jG+099QDA+ABM
GEoM++3Avi6wCwPafSi/zJgh/HV0gxsQbqw4dJ2V3PdXcU9Gd5kqEiwEabXecX7q
hbNx+Xkagip07CBLpdEdYSkaw6jbqXWjjzeYcy66GxVv1bI93VLDLfmC7vsKUY17
stgbEQEt89J+bWcVC1HpBp1zWNT42bn06JhAeYU4iAhYcuvWitUCo6qJwunuqknr
17NZqaTaG0AsWXnQIGLHpCQNlAmfXKHBph097Lj/SUxE9NpxECTY3ewQT+JKdylG
Qk0Mx1+5uqMRiN8yKRhP
=979d
-----END PGP SIGNATURE-----
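The failure mode described in the reply above (the converter emitting nothing for every line, so the accumulated buffer has length zero and a str[len-1] check reads one byte before the heap block), reduced to a self-contained C program. This is an added example, not paps's code and not from the thread: the GString-like struct, the hypothetical converter convert_line() standing in for g_iconv, the assumed shape of the trailing-newline check, and the sample inputs are all constructed here for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for GLib's GString (str / len / allocated). */
struct gbuf { char *str; size_t len; size_t allocated; };

static void gbuf_init(struct gbuf *b)
{
    b->allocated = 16;
    b->len = 0;
    b->str = malloc(b->allocated);
    if (!b->str) abort();
    b->str[0] = '\0';
}

static void gbuf_append(struct gbuf *b, const char *s, size_t n)
{
    while (b->len + n + 1 > b->allocated)
        b->allocated *= 2;
    b->str = realloc(b->str, b->allocated);
    if (!b->str) abort();
    memcpy(b->str + b->len, s, n);
    b->len += n;
    b->str[b->len] = '\0';
}

/* Hypothetical converter standing in for the g_iconv() step: a line is
 * copied only if every byte is printable ASCII or '\n'; any other byte
 * makes the whole line produce zero output bytes.  Fuzzed binary input
 * therefore yields len == 0 even though the file itself is not empty. */
static size_t convert_line(const char *in, size_t n, char *out)
{
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c != '\n' && (c < 0x20 || c >= 0x7f))
            return 0;
    }
    memcpy(out, in, n);
    return n;
}

/* Shared part: split the input into lines (as fgets() would), convert
 * each line and append whatever the converter produced. */
static void read_all(const char *data, size_t n, struct gbuf *b)
{
    char *out = malloc(n + 1);
    if (!out) abort();
    for (size_t start = 0; start < n;) {
        size_t end = start;
        while (end < n && data[end] != '\n')
            end++;
        if (end < n)
            end++;                            /* keep the '\n' */
        gbuf_append(b, out, convert_line(data + start, end - start, out));
        start = end;
    }
    free(out);
}

/* Vulnerable shape (assumed, not paps's exact code): make sure the text
 * ends in a newline by inspecting str[len-1] without checking len > 0.
 * With len == 0 this reads the byte before the heap block; ASan reports it
 * as a heap-buffer-overflow located to the left of the allocation. */
static char *read_file_vuln(const char *data, size_t n)
{
    struct gbuf b;
    gbuf_init(&b);
    read_all(data, n, &b);
    if (b.str[b.len - 1] != '\n')             /* under-read when b.len == 0 */
        gbuf_append(&b, "\n", 1);
    return b.str;                             /* caller frees */
}

/* Hardened: an empty conversion result is rejected (NULL) rather than
 * treated as text, so the last-byte check only runs when a last byte exists. */
static char *read_file_fixed(const char *data, size_t n)
{
    struct gbuf b;
    gbuf_init(&b);
    read_all(data, n, &b);
    if (b.len == 0) {
        free(b.str);
        return NULL;
    }
    if (b.str[b.len - 1] != '\n')
        gbuf_append(&b, "\n", 1);
    return b.str;
}

/* Helper for checking results without leaking: 1 when read_file_fixed()
 * yields exactly `expected` (expected == NULL means "input rejected"). */
static int fixed_yields(const char *data, size_t n, const char *expected)
{
    char *r = read_file_fixed(data, n);
    int ok = r ? (expected && strcmp(r, expected) == 0) : (expected == NULL);
    free(r);
    return ok;
}

/* Constructed inputs: a normal file, a "crafted" file whose every line
 * contains a byte the converter refuses, and a genuinely empty file. */
static const char SAMPLE_TEXT[] = "hello\nworld";
static const unsigned char SAMPLE_CRAFTED[] = { 0xff, 0xfe, 0x01, '\n', 0x80, 0x81 };

int main(void)
{
    char *t = read_file_fixed(SAMPLE_TEXT, sizeof SAMPLE_TEXT - 1);
    printf("text:    %s", t);
    free(t);
    char *c = read_file_fixed((const char *)SAMPLE_CRAFTED, sizeof SAMPLE_CRAFTED);
    printf("crafted: %s\n", c ? c : "(rejected: converter produced no output)");
    free(c);
    char *e = read_file_fixed("", 0);
    printf("empty:   %s\n", e ? e : "(rejected)");
    free(e);
    /* Same crafted input through the vulnerable shape: build with
     * -fsanitize=address to see the 1-byte read before the heap block. */
    free(read_file_vuln((const char *)SAMPLE_CRAFTED, sizeof SAMPLE_CRAFTED));
    return 0;
}
```

Build with `cc -g -fsanitize=address` and run: the read_file_vuln() call at the end of main is reported as a read one byte to the left of the 16-byte heap region, while read_file_fixed() rejects the same input instead of inspecting str[-1]. Returning NULL for an empty conversion result is the choice that matches the point made in the reply that an empty string was never meant to be a possible return value of read_file; the caller then reports "no usable text" instead of laying out nothing.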
Current thread:
- paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 28)
- Re: paps: heap overflow when processing crafted file cve-assign (Jul 28)
- Re: Re: paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 29)
- Re: paps: heap overflow when processing crafted file cve-assign (Jul 29)
- Re: Re: paps: heap overflow when processing crafted file Agostino Sarubbo (Jul 29)
- Re: paps: heap overflow when processing crafted file cve-assign (Jul 28)