oss-sec mailing list archives
screen crash processing combining characters
From: Tavis Ormandy <taviso () gmail com>
Date: Tue, 9 Feb 2021 16:06:07 -0000 (UTC)
Hello, I noticed someone posted this to the screen-devel list. I can reproduce it here, just catting the testcase does crash my screen session.

https://lists.gnu.org/archive/html/screen-devel/2021-02/msg00000.html

(I think it wasn't supposed to be public, but it is, so better it's visible to security teams)

It looks like it might be exploitable at first glance, I see a crash here in encoding.c, because i is out of range.

    else if (!combchars[i])
      {
        combchars[i] = (struct combchar *)malloc(sizeof(struct combchar));
        if (!combchars[i])
          return;
        combchars[i]->prev = i;
        combchars[i]->next = i;
      }

Exploitable or not, it would be annoying if someone stuffed this into logfiles being tailed, or whatever.

Tavis.

--
 _o)            $ lynx lock.cmpxchg8b.com
 /\\  _o)  _o)  $ finger taviso () sdf org
_\_V _( ) _( )  @taviso
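Added example, not part of the original post and not screen's code: the allocate-on-first-use pattern from the quoted snippet with the index validated before the table is touched, which is the check whose absence makes an out-of-range i crash. The struct layout, the table size COMB_SLOTS and the function names comb_slot and comb_free are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified stand-in for the struct in the quoted snippet; only the two
 * fields the snippet touches are modelled (assumption). */
struct combchar {
    unsigned int prev;
    unsigned int next;
};

#define COMB_SLOTS 64   /* hypothetical table size, not taken from screen */

/* Return the entry for index i, allocating it on first use the way the
 * quoted snippet does (prev/next pointing at itself). An index outside
 * the table yields NULL instead of an out-of-bounds read or write. */
struct combchar *comb_slot(struct combchar **table, size_t nslots, long i)
{
    if (table == NULL || i < 0 || (size_t)i >= nslots)
        return NULL;                 /* reject before any dereference */
    if (table[i] == NULL) {
        table[i] = malloc(sizeof(struct combchar));
        if (table[i] == NULL)
            return NULL;             /* allocation failure */
        table[i]->prev = (unsigned int)i;
        table[i]->next = (unsigned int)i;
    }
    return table[i];
}

/* Release every allocated entry and the table itself. */
void comb_free(struct combchar **table, size_t nslots)
{
    if (table == NULL)
        return;
    for (size_t k = 0; k < nslots; k++)
        free(table[k]);
    free(table);
}

int main(void)
{
    struct combchar **table = calloc(COMB_SLOTS, sizeof(*table));
    int ok = table != NULL
          && comb_slot(table, COMB_SLOTS, 3) != NULL           /* in range */
          && comb_slot(table, COMB_SLOTS, COMB_SLOTS) == NULL  /* one past end */
          && comb_slot(table, COMB_SLOTS, -1) == NULL;         /* negative */
    comb_free(table, COMB_SLOTS);
    return ok ? 0 : 1;
}
```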