On Fri, 2014-11-28 at 15:14:58 +0100, Guillem Jover wrote:
> On Sat, 2014-11-29 at 00:43:06 +1100, Joshua Rogers wrote:
> > Package: dpkg
> > Version: 1.17.22-1
> > Tags: bug
>
> The correct address to submit bug reports is [email protected].

Just to clarify this, bug reports on the list are also welcome, but given
the pseudo-header there I guess this one was just misdirected.

> > Using AddressSanitizer I have found an Out-of-Bounds(?) vulnerability in
> > dpkg.
> >
> > The vulnerable code is in lib/dpkg/parse.c, on line 135.
> >
> > 133: for (fip = fieldinfos, ip = fs->fieldencountered; fip->name;
> > fip++, ip++)
> > 134: if (strncasecmp(fip->name, fs->fieldstart, fs->fieldlen) == 0 &&
> > 135: fip->name[fs->fieldlen] == '\0')
> > 136: break;
>
> Hmm, yeah assuming the fs->fieldstart is a superset of fip->name, then
> there might be an out of bounds *read* access, but I don't see how that
> would be a vulnerability.

I'll fix this for 1.17.23. This and all other such instances in the code base.

Thanks,
Guillem

--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: https://lists.debian.org/[email protected]
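An added example, not dpkg's code and not part of this thread, that models the quoted lookup from parse.c: it shows the input shape (a NUL byte inside the field name) under which `strncasecmp()` reports a match while `fieldlen` exceeds the table entry, so that `fip->name[fs->fieldlen]` would index past the terminator, and a length-checked lookup that cannot. The field table and the function names `field_name_len`, `lookup_would_read_oob` and `lookup_field` are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>

/* Constructed field-name table standing in for dpkg's fieldinfos[] names. */
static const char *const field_names[] = { "Package", "Version", "Depends", NULL };

/* Split "Name: value" into the name span the lookups below receive.
 * Scans with memchr(), not strchr(), so a NUL inside the control data is
 * kept in the span exactly as a binary-safe parser would keep it.
 * Returns the name length, or 0 if the line has no ':'. */
size_t field_name_len(const char *line, size_t linelen)
{
    const char *colon = memchr(line, ':', linelen);
    return colon ? (size_t)(colon - line) : 0;
}

/* Mirror of the quoted lookup (parse.c lines 133-135) that, instead of
 * evaluating fip->name[fieldlen], reports whether that index would land past
 * the name's NUL terminator, i.e. whether the original reads out of bounds.
 * strncasecmp() returns 0 as soon as both strings reach a NUL, so a NUL in the
 * input at position strlen(name) makes the comparison "match" even though
 * fieldlen is larger than the table entry. */
bool lookup_would_read_oob(const char *fieldstart, size_t fieldlen)
{
    for (const char *const *name = field_names; *name; name++)
        if (strncasecmp(*name, fieldstart, fieldlen) == 0 &&
            fieldlen > strlen(*name))
            return true;
    return false;
}

/* Hardened lookup: require equal lengths before comparing content, so no
 * index into a table entry can exceed that entry's length.
 * Returns the table index of the matching name, or -1 when nothing matches. */
int lookup_field(const char *fieldstart, size_t fieldlen)
{
    for (int i = 0; field_names[i]; i++)
        if (strlen(field_names[i]) == fieldlen &&
            strncasecmp(field_names[i], fieldstart, fieldlen) == 0)
            return i;
    return -1;
}
```

The embedded-NUL case is also a reminder that a parser which finds the field name with `memchr()` over a buffer length hands the lookup a span that is not a C string, so the comparison must be bounded by the table entry's length, not by the caller's.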

