oss-sec mailing list archives

CVE-2017-7555 augeas: crash/memory corruption when handling certain escaped strings


From: Doran Moppert <dmoppert () redhat com>
Date: Thu, 17 Aug 2017 14:24:47 +0930

A vulnerability was found in augeas <http://augeas.net/> that could
allow attackers to cause memory corruption possibly leading to arbitrary
code execution by passing crafted strings that would be mis-handled by
parse_name().  A patch created by David Lutterkort is available on the
following PR:

https://github.com/hercules-team/augeas/pull/480

Briefly, input strings ending with a whitespace char would be escaped
(aug_escape_name) then incorrectly trimmed in parse_name, leading to a
later loop stepping over the terminating NUL character.  Crashes in
libvirtd were observed.

This issue was discovered by Han Han (Red Hat) through fuzzing with the
Dice testing framework.

https://bugzilla.redhat.com/show_bug.cgi?id=1478373

-- 
Doran Moppert
Red Hat Product Security
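The failure mode described above (escape a trailing space, trim it away anyway, then let the unescape loop walk past the NUL) is shown here as an added example in C. It is not augeas' own code and does not reproduce parse_name or aug_escape_name; the function names and the escaping rule (a backslash before whitespace and before backslashes) are assumptions for the illustration. The point it demonstrates is the invariant a fix has to keep: trimming must not remove whitespace that is escaped, and an unescape loop must never consume the character after a backslash without first checking that it is not the terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration (not augeas code): prefix whitespace and
 * backslashes with a backslash so they survive later tokenisation. */
char *escape_name(const char *in) {
    size_t n = strlen(in);
    char *out = malloc(2 * n + 1);      /* worst case: every char escaped */
    if (!out) return NULL;
    char *p = out;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == ' ' || in[i] == '\t' || in[i] == '\\')
            *p++ = '\\';
        *p++ = in[i];
    }
    *p = '\0';
    return out;
}

/* Number of backslashes immediately before index i. */
static size_t preceding_backslashes(const char *s, size_t i) {
    size_t k = 0;
    while (i > 0 && s[i - 1] == '\\') { k++; i--; }
    return k;
}

/* Trim trailing whitespace in place, but only whitespace that is NOT
 * escaped. A trailing blank preceded by an odd number of backslashes is
 * part of the name; dropping it would leave a dangling backslash for the
 * unescape loop, which is the shape of bug the advisory describes. */
void trim_trailing_unescaped_ws(char *s) {
    size_t n = strlen(s);
    while (n > 0 && (s[n - 1] == ' ' || s[n - 1] == '\t')) {
        if (preceding_backslashes(s, n - 1) % 2 == 1)
            break;                      /* escaped blank: keep it */
        n--;
    }
    s[n] = '\0';
}

/* Unescape without ever stepping over the terminating NUL: a backslash
 * that is the last character is emitted literally instead of consuming
 * the byte after it. */
char *unescape_name(const char *in) {
    size_t n = strlen(in);
    char *out = malloc(n + 1);
    if (!out) return NULL;
    char *p = out;
    for (size_t i = 0; i < n; i++) {
        if (in[i] == '\\' && i + 1 < n)
            i++;                        /* bounded: in[i] is not the NUL */
        *p++ = in[i];
    }
    *p = '\0';
    return out;
}

/* escape -> trim -> unescape; returns a heap string the caller frees. */
char *roundtrip(const char *name) {
    char *esc = escape_name(name);
    if (!esc) return NULL;
    trim_trailing_unescaped_ws(esc);
    char *res = unescape_name(esc);
    free(esc);
    return res;
}

int main(void) {
    /* Constructed sample names; the trailing blank is the interesting case. */
    const char *samples[] = { "foo ", "foo\\ ", "bar", "baz\\" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        char *r = roundtrip(samples[i]);
        printf("[%s] -> [%s]\n", samples[i], r ? r : "(alloc failed)");
        free(r);
    }
    return 0;
}
```

Running the block prints each name unchanged after the round trip; a trim that ignored the escape would instead have produced `foo\` on the way to the unescape loop. The `i + 1 < n` check is the single line that separates a bounded loop from one that reads past the terminator.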
