Package: gphoto2
Version: 2.3.1-2
Severity: normal
Usertags: sourcescan

  The code in gphoto2/shell.c contains several unsafe uses of
 environmental variables.

  Take a look at this:

static int
shell_lcd (Camera __unused__ *camera, const char *arg)
{
    char new_cwd[MAX_FOLDER_LEN];
    int arg_count = shell_arg_count (arg);

    if (!arg_count) {
        if (!getenv ("HOME")) {
            cli_error_print (_("Could not find home directory."));
            return (GP_OK); 
        }
        strcpy (new_cwd, getenv ("HOME"));
}

   The following demonstrates the problem:

$ HOME=$(perl -e 'print "X"x4000') gphoto2 --shell
Segmentation fault



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.18-xen (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages gphoto2 depends on:
ii  libc6                     2.6-2          GNU C Library: Shared libraries
ii  libcdk5                   5.0.20060507-1 C-based curses widget library
ii  libexif12                 0.6.16-1       library to parse EXIF files
ii  libgphoto2-2              2.3.1-5+b1     gphoto2 digital camera library
ii  libgphoto2-port0          2.3.1-5+b1     gphoto2 digital camera port librar
ii  libjpeg62                 6b-13          The Independent JPEG Group's JPEG 
ii  libncurses5               5.6+20070716-1 Shared libraries for terminal hand
ii  libpopt0                  1.10-3         lib for parsing cmdline parameters
ii  libreadline5              5.2-3          GNU readline and history libraries
ii  libusb-0.1-4              2:0.1.12-7     userspace USB programming library

gphoto2 recommends no packages.

-- no debconf information
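
Added example (not part of the original report and not gphoto2's code): one way to copy HOME into a fixed-size buffer such as new_cwd without overflowing it. The names copy_bounded, env_copy_bounded and EXAMPLE_FOLDER_LEN are hypothetical, and the buffer size of 1024 is an assumption, since the report does not give the value of MAX_FOLDER_LEN.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size for this example; the report does not state MAX_FOLDER_LEN. */
#define EXAMPLE_FOLDER_LEN 1024

enum { COPY_OK = 0, COPY_UNSET = -1, COPY_TOO_LONG = -2 };

/* Hypothetical helper: copy val into dst only if it fits with its NUL.
 * An over-long value is rejected, not truncated, because a truncated
 * path would silently name a different directory. */
static int
copy_bounded (const char *val, char *dst, size_t dst_len)
{
    size_t len;

    if (dst_len == 0)
        return COPY_TOO_LONG;
    dst[0] = '\0';              /* dst is a valid string on every path */
    if (!val)
        return COPY_UNSET;
    len = strlen (val);
    if (len >= dst_len)
        return COPY_TOO_LONG;
    memcpy (dst, val, len + 1);
    return COPY_OK;
}

/* getenv() is called once, so the string that is measured is the one copied. */
static int
env_copy_bounded (const char *name, char *dst, size_t dst_len)
{
    return copy_bounded (getenv (name), dst, dst_len);
}

int
main (void)
{
    char new_cwd[EXAMPLE_FOLDER_LEN];

    switch (env_copy_bounded ("HOME", new_cwd, sizeof new_cwd)) {
    case COPY_OK:       printf ("lcd to %s\n", new_cwd); break;
    case COPY_UNSET:    fprintf (stderr, "Could not find home directory.\n"); break;
    case COPY_TOO_LONG: fprintf (stderr, "HOME is too long; ignoring it.\n"); break;
    }
    return 0;
}
```

The same check applies to every other getenv() result that shell.c copies into a fixed-size buffer.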

