Simon Josefsson <si...@josefsson.org> writes:

> Hanno Böck <ha...@hboeck.de> writes:
>
>> Hi,
>>
>> When passing the attached file (libidn-oob-stack-read-main) to the idn
>> command line tool this will cause an out of bounds stack access. This
>> can be seen with either valgrind or by recompiling idn with address
>> sanitizer. The input consists of a random character, a newline and a
>> zero byte.
>>
>> The error happens in the function main in this code
>> if (readbuf[strlen (readbuf) - 1] == '\n')
>>   readbuf[strlen (readbuf) - 1] = '\0';
>>
>> If readbuf is a zero byte string this won't work. I have attached a
>> patch how to prevent this. Not sure if this is the best way, but it
>> prevents the oob access.
>
> Thank you for the report. I believe idn should use getline instead of
> this funky fixed-buffer fgets+hacks approach. I'll try to implement it.

Hi Hanno. I have implemented this solution now -- please see these
commits:

http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commitdiff;h=570e68886c41c2e765e6218cb317d9a9a447a041
http://git.savannah.gnu.org/gitweb/?p=libidn.git;a=commitdiff;h=8b6b44f1bffbdae98d8791434bf5e77da74acbb4

If you have any comments or thoughts, please let me know.

Thanks,
/Simon
_______________________________________________
Help-libidn mailing list
Help-libidn@gnu.org
https://lists.gnu.org/mailman/listinfo/help-libidn
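
The failure mode reported in this thread and a getline-based read loop of the kind discussed, as an added example (not code from libidn or from either poster). The names `chomp`, `count_empty_reads` and `demo` are hypothetical, and the three-byte input is constructed from the description in the report.

```c
#define _POSIX_C_SOURCE 200809L /* getline(), fmemopen() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strip one trailing newline using the byte count getline() returned,
 * so an empty or NUL-leading buffer is never indexed at [-1]. */
static size_t chomp(char *line, ssize_t n)
{
    if (n > 0 && line[n - 1] == '\n')
        line[--n] = '\0';
    return n > 0 ? (size_t)n : 0;
}

/* Read all lines from fp. Returns how many reads gave strlen() == 0, the
 * case where readbuf[strlen (readbuf) - 1] indexes readbuf[SIZE_MAX]. */
static int count_empty_reads(FILE *fp, int *total)
{
    char *line = NULL;
    size_t cap = 0;
    ssize_t n;
    int empty = 0;
    *total = 0;
    while ((n = getline(&line, &cap, fp)) != -1) {
        (*total)++;
        if (strlen(line) == 0)
            empty++;          /* the old trim would read out of bounds here */
        chomp(line, n);       /* length-based trim is safe for every read */
    }
    free(line);
    return empty;
}

/* Constructed input: one character, a newline and a zero byte. */
static int demo(int *total)
{
    char input[] = { 'x', '\n', '\0' };
    FILE *fp = fmemopen(input, sizeof input, "r");
    int empty = fp ? count_empty_reads(fp, total) : -1;
    if (fp)
        fclose(fp);
    return empty;
}

int main(void)
{
    int total = 0, empty = demo(&total);
    printf("%d of %d reads had strlen == 0\n", empty, total);
    return empty < 0;
}
```

The second read returns a one-byte line consisting of the zero byte, so `strlen` reports 0 even though data was read; the length returned by `getline` is what makes the trim safe.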