Package: dog
Version: 1.7-4
Severity: normal

Steps to reproduce:
1. dog http://`perl -e 'print "A"x256;'`/foo.txt

Expected results:
1. dog should complain about a too long hostname or simply state that the DNS
lookup failed.

Actual results:
1. dog segfaults.

Notes:

It seems that the segfault happens due to a simple buffer overflow in
dog.c, function ProcessFileFromPath, which contains the following
fragment:

char hostport[128],*m;
const char *s;

s = path+7;
for(m=hostport;s[0]!=':'&&s[0]!='/'&&s[0];) {
        *m++ = *s++;
}

I have not checked but I think this could allow execution of arbitrary
code.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29sauna
Locale: LANG=C, LC_CTYPE=fi_FI (charmap=ISO-8859-1)

Versions of packages dog depends on:
ii  libc6                         2.3.5-8.1  GNU C Library: Shared libraries an

dog recommends no packages.

-- no debconf information
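
An added example (not part of the original report and not dog's own code): a bounded version of the host copy loop quoted in the report, which rejects a host that does not fit in the 128-byte buffer instead of writing past it. The helper name extract_host and the sample URLs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOSTPORT_MAX 128   /* same size as the hostport buffer in the report */

/*
 * Copy the host part of an "http://host[:port]/..." URL into out.
 * Returns 0 on success, -1 if the prefix is missing, the host is empty,
 * or the host does not fit in outlen bytes including the terminating NUL.
 * extract_host is a hypothetical helper name, not a function from dog.c.
 */
int extract_host(const char *path, char *out, size_t outlen)
{
    static const char prefix[] = "http://";
    const size_t skip = sizeof(prefix) - 1;   /* 7, the "path+7" in the report */
    const char *s;
    size_t n;

    if (path == NULL || out == NULL || outlen == 0)
        return -1;
    if (strncmp(path, prefix, skip) != 0)
        return -1;                 /* never index past a shorter string */

    s = path + skip;
    n = strcspn(s, ":/");          /* host length: stops at ':', '/' or NUL */
    if (n == 0 || n >= outlen)
        return -1;                 /* empty or too long: reject, do not truncate */

    memcpy(out, s, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char host[HOSTPORT_MAX];
    char url[7 + 256 + 8 + 1];     /* constructed input matching the reproducer */

    strcpy(url, "http://");
    memset(url + 7, 'A', 256);
    strcpy(url + 7 + 256, "/foo.txt");

    if (extract_host(url, host, sizeof host) != 0)
        fprintf(stderr, "dog: hostname too long or malformed URL\n");
    if (extract_host("http://example.org:8080/foo.txt", host, sizeof host) == 0)
        printf("host = %s\n", host);
    return 0;
}
```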

