Re: man package / SuSe format string vulnerabilities

[syzop <syz () DDS NL>]

confirmed on debian 2.2r2...
tracing in source of man-db-2.3.16 (man-db-2.3.17 [latest I guess] same problem)...:

-- [src/man.c:752]:
                if (!display ((cwd[0]?cwd:NULL), argv, NULL, basename(argv))) {
                        if ( local_mf )
                              error (0, errno, argv);                  <----- HERE
                        exit_status = NOT_FOUND;
                }

-- [lib/error.c:80]
error (int status, int errnum, const char *message, ...)
-- [lib/error.c:102 (editted)]
  VA_START (args, message);
  vfprintf (stderr, message, args);
--

Auch :)

Cya

    Syzop.


Joao Gouveia wrote:

> Hi there,
>
> I'm sorry if this is a known issue, but i didn't find nothing related to
> format strings in this man package.
> Example follows:
> <quote>
> jroberto@spike:~ > cat /etc/issue
>
> Welcome to SuSE Linux 6.3 (i386) - Kernel \r (\l).
>
> jroberto@spike:~ > man -l %x%x%x%x
> man: 0bffff8600bffff85c: No such file or directory
> jroberto@spike:~ > man -V
> man, version 2.3.10, db 2.3.1, July 12th, 1995 (G.Wilford () ee surrey ac uk)
> </quote>
>
> AFAIK, suse 7.0 also ships with this 'man'. Can anyone confirm this?
>
> Best regards,
>
> Joao Gouveia
> --------------
> tharbad () kaotik org