On 9. 01. 20 17:45, Karl O. Pinc wrote:
> Note that the sourceforge link in the previous email
> contains a patch at the bottom. Maybe somebody could
> look into it?
My 2 cents on this as a long-time user of Bogofilter that's been affected by this issue.

I've looked into Doran's 10-patch series from 2016-09-02 several times in the past. I can confirm that it appears to fix the segfaults caused by the test cases I have for this bug. With the patch applied to Debian's Bogofilter 1.2.4 source, Valgrind doesn't detect any memory access errors. With my limited understanding of Bogofilter's lexer code, the general direction of the patches seems to make sense. However, the patch series makes some non-trivial changes and I was never confident in understanding exactly what is going on.

My review of the code did leave me with an impression that, even if the patch series correctly fixes this bug, there are likely more memory corruption bugs like this in the lexer code. On this note, I highly recommend anyone using Bogofilter to set up an AppArmor profile to limit the potential security impact of such bugs. I found [1] to be a good starting point.

[1] https://blitiri.com.ar/git/r/apparmor/b/master/t/f=usr.bin.bogofilter.html

Best regards
Tomaž