Hanno Böck <ha...@hboeck.de> writes:

> Hi,
>
> When passing the attacked file (libidn-oob-stack-read-main) to the idn
> command line tool this will cause an out of bounds stack access. This
> can be seen with either valgrind or by recompiling idn with address
> sanitizer. The input consists of a random character, a newline and a
> zero byte.
>
> The error happens in the function main in this code
>   if (readbuf[strlen (readbuf) - 1] == '\n')
>     readbuf[strlen (readbuf) - 1] = '\0';
>
> If readbuf is a zero byte string this won't work. I have attached a
> patch how to prevent this. Not sure if this is the best way, but it
> prevents the oob access.

Thank you for the report. I believe idn should use getline instead of this funky fixed-buffer fgets+hacks approach. I'll try to implement it.

/Simon
_______________________________________________
Help-libidn mailing list
Help-libidn@gnu.org
https://lists.gnu.org/mailman/listinfo/help-libidn
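
The failure mode discussed in this thread, as an added example that is not part of the original messages and is neither the attached patch nor libidn's code: fgets succeeds on a line that begins with a zero byte, so strlen() is 0 and an unguarded `strlen - 1` index points before the buffer. The helper names `strip_newline` and `count_empty_reads` and the 64-byte buffer are assumptions, and the fix shown is a length check rather than the getline rewrite proposed in the reply.

```c
#include <stdio.h>
#include <string.h>

/* Hardened strip: check the length before indexing, so an empty string
 * never leads to a read of buf[-1]. Returns the resulting length. */
static size_t strip_newline(char *buf)
{
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    return len;
}

/* Hypothetical helper: write constructed bytes to a temp file, read them
 * back with fgets as a line-oriented tool would, and count reads where
 * fgets succeeded but strlen() is 0. Returns -1 on I/O failure. */
static int count_empty_reads(const void *data, size_t n, int *reads)
{
    char readbuf[64];
    int empty = 0;
    FILE *fp = tmpfile();

    *reads = 0;
    if (fp == NULL)
        return -1;
    if (fwrite(data, 1, n, fp) != n) {
        fclose(fp);
        return -1;
    }
    rewind(fp);
    while (fgets(readbuf, sizeof readbuf, fp) != NULL) {
        (*reads)++;
        if (readbuf[0] == '\0')   /* strlen(readbuf) == 0 */
            empty++;
        strip_newline(readbuf);   /* safe even for the empty string */
    }
    fclose(fp);
    return empty;
}

int main(void)
{
    /* Constructed input matching the report: a character, a newline, a zero byte. */
    static const char input[] = { 'a', '\n', '\0' };
    int reads, empty = count_empty_reads(input, sizeof input, &reads);
    printf("reads=%d empty=%d\n", reads, empty);
    return empty < 0;
}
```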