Hi,

I am the Fedora maintainer of gif2png and think that the supplied patch
is incomplete.  In main(), the patch does

| -         strcpy(name, argv[i]);
| +         strncpy( name, argv[i], sizeof( name ) );
|             ...
|               strcat(name, ".gif");
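Review bot: the strncpy(name, argv[i], sizeof(name)) on the + line followed by the unconditional strcat(name, ".gif") still overflows 'name'. When argv[i] is sizeof(name) bytes or longer, strncpy leaves no terminating NUL in 'name', so strcat reads past the end of the buffer before it writes; when argv[i] is just under sizeof(name), the four bytes of ".gif" plus the NUL are written past the end. Check the length before copying, e.g. `if (strlen(argv[i]) + sizeof(".gif") > sizeof(name))` report the file name as too long and skip it, or build the name with snprintf(name, sizeof(name), "%s.gif", argv[i]) and reject the file when the return value is >= sizeof(name).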

which could still overflow 'name'.  I think that

  
http://cvs.fedoraproject.org/viewvc/rpms/gif2png/devel/gif2png-overflow.patch?revision=HEAD&root=extras&view=markup

solves the issue better. It omits the changes in processfile() because
main() guarantees that 'fname' is short enough.


FWIW, 2.5.2 *is* affected; the -ENAMETOOLONG comes from the open(2)
call.  Applying a modified exploit like

  gif2png `perl -e "print '/' x 1024"`/a

still triggers the issue.



Enrico



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
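As an added example, not code from this mail or from gif2png, the following C program shows why the quoted strncpy/strcat pattern still overflows the name buffer and what a length-checked replacement looks like. The buffer size NAME_LEN, the function names and the constructed inputs (a run of slashes followed by "/a", in the shape of the test case above) are assumptions; the mail does not state gif2png's real buffer size.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed buffer size for 'name'; the mail does not quote gif2png's real size. */
#define NAME_LEN 256

/*
 * Mirrors the quoted patch: strncpy() bounded to the buffer, then an
 * unconditional strcat(name, ".gif").  Instead of performing the strcat,
 * which would corrupt the stack, this reports what it would do:
 *   -1  strncpy left no terminating NUL (arg is >= NAME_LEN bytes), so
 *       strcat would first read past the end of 'name' looking for one;
 *    n  strcat would write n bytes past the end of 'name';
 *    0  the suffix fits (the only safe case).
 */
int strncpy_strcat_overrun(const char *arg)
{
    char name[NAME_LEN];
    size_t need;

    strncpy(name, arg, sizeof(name));
    if (memchr(name, '\0', sizeof(name)) == NULL)
        return -1;
    need = strlen(name) + sizeof(".gif");      /* sizeof(".gif") == 5, incl. NUL */
    return need > sizeof(name) ? (int)(need - sizeof(name)) : 0;
}

/*
 * Hardened replacement: verify the argument plus ".gif" and the NUL fit
 * before writing anything.  Returns 0 on success and -1 if the name would
 * not fit, in which case 'out' is untouched and the caller should skip the file.
 */
int build_output_name(char *out, size_t outlen, const char *arg)
{
    size_t arglen = strlen(arg);

    if (outlen < sizeof(".gif") || arglen > outlen - sizeof(".gif"))
        return -1;
    memcpy(out, arg, arglen);
    memcpy(out + arglen, ".gif", sizeof(".gif"));  /* copies the NUL too */
    return 0;
}

/* Constructed input in the shape of the mail's test case: n slashes then "/a". */
static char *make_slash_arg(size_t n)
{
    char *arg = malloc(n + 3);
    if (arg == NULL) { perror("malloc"); exit(1); }
    memset(arg, '/', n);
    arg[n] = '/';
    arg[n + 1] = 'a';
    arg[n + 2] = '\0';
    return arg;
}

/* Result of the strncpy/strcat pattern for an argument of n slashes + "/a". */
int overrun_for_slashes(size_t n)
{
    char *arg = make_slash_arg(n);
    int r = strncpy_strcat_overrun(arg);
    free(arg);
    return r;
}

/* Result of the hardened builder for the same constructed argument. */
int hardened_for_slashes(size_t n)
{
    char out[NAME_LEN];
    char *arg = make_slash_arg(n);
    int r = build_output_name(out, sizeof(out), arg);
    free(arg);
    return r;
}

/* 1 if build_output_name() accepts 'arg' and produces exactly 'expected'. */
int output_name_is(const char *arg, const char *expected)
{
    char out[NAME_LEN];
    return build_output_name(out, sizeof(out), arg) == 0 && strcmp(out, expected) == 0;
}

int main(void)
{
    size_t lens[] = { 10, 240, 250, 254, 1024 };
    size_t i;

    for (i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("%4zu slashes: strncpy/strcat overrun=%d  hardened=%d\n",
               lens[i], overrun_for_slashes(lens[i]), hardened_for_slashes(lens[i]));
    return 0;
}
```

With NAME_LEN of 256, an argument of 250 slashes plus "/a" (252 bytes) survives strncpy with a NUL but leaves no room for ".gif", so strcat would write one byte past the buffer; 254 slashes (256 bytes) or the mail's 1024 leave the buffer unterminated, so strcat would read out of bounds before writing. The hardened builder refuses both and only succeeds when the full suffixed name fits, which is the check the mail argues belongs in main().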
