Bug#443913: CVE-2007-5037 buffer overflow in inotifytools_snprintf

2007-09-25 Thread Peter Makholm
tag 443913 patch etch
thanks

This problem is fixed in unstable by uploading the new upstream
version (3.11-1). A fix for etch is awaiting the security team.

Patch for version 3.3-1 attached

//Makholm

diff -Naur inotify-tools-3.3-orig/libinotifytools/src/inotifytools.c inotify-tools-3.3/libinotifytools/src/inotifytools.c
--- inotify-tools-3.3-orig/libinotifytools/src/inotifytools.c	2006-10-29 09:44:06.0 +0100
+++ inotify-tools-3.3/libinotifytools/src/inotifytools.c	2007-09-25 07:49:10.768454036 +0200
@@ -1634,7 +1634,7 @@
 
 		if ( ch1 == 'w' ) {
 			if ( filename ) {
-strncpy( &out[ind], filename, MAX_STRLEN - ind );
+strncpy( &out[ind], filename, size - ind );
 ind += strlen(filename);
 			}
 			++i;
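
Review bot: in the 'w' branch, "ind += strlen(filename)" still advances
by the full source length even when strncpy() stopped at size - ind, so
after a long filename ind can exceed size. Any later copy then starts at
&out[ind] beyond the buffer, and size - ind goes negative or wraps to a
very large count depending on the type of size. Clamp the length to the
space remaining before copying, advance ind by the bytes actually
written, and stop expanding once the buffer is full.
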
@@ -1643,7 +1643,7 @@
 
 		if ( ch1 == 'f' ) {
 			if ( eventname ) {
-strncpy( &out[ind], eventname, MAX_STRLEN - ind );
+strncpy( &out[ind], eventname, size - ind );
 ind += strlen(eventname);
 			}
 			++i;
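
Review bot: in the 'f' branch, strncpy() writes no terminating NUL when
eventname is size - ind bytes or longer, so out is left unterminated
unless code outside this hunk terminates it. Copy at most size - ind - 1
bytes and set out[ind] = 0 after advancing, so that the result is a
valid string at every exit.
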
@@ -1652,7 +1652,7 @@
 
 		if ( ch1 == 'e' ) {
 			eventstr = inotifytools_event_to_str( event->mask );
-			strncpy( &out[ind], eventstr, MAX_STRLEN - ind );
+			strncpy( &out[ind], eventstr, size - ind );
 			ind += strlen(eventstr);
 			++i;
 			continue;
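
Review bot: the 'e' branch passes eventstr to strncpy() and strlen()
unchecked, while the 'w' and 'f' branches guard filename and eventname
with an if. If inotifytools_event_to_str() can return NULL, add the same
guard here; if it cannot, a short comment saying so would help.
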
@@ -1675,7 +1675,7 @@
 timestr[0] = 0;
 			}
 
-			strncpy( &out[ind], timestr, MAX_STRLEN - ind );
+			strncpy( &out[ind], timestr, size - ind );
 			ind += strlen(timestr);
 			++i;
 			continue;
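
Review bot: the timestr copy is the fourth of five copy-then-advance
pairs in this patch that each repeat the size - ind bound by hand, so a
bound error has to be fixed in five places, as this patch shows. A small
static helper taking out, size, &ind and the source string would put the
bound, the clamp and the termination in one place.
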
@@ -1684,7 +1684,7 @@
 		// Check if next char in fmt is e
 		if ( i < strlen(fmt) - 2 && fmt[i+2] == 'e' ) {
 			eventstr = inotifytools_event_to_str_sep( event->mask, ch1 );
-			strncpy( &out[ind], eventstr, MAX_STRLEN - ind );
+			strncpy( &out[ind], eventstr, size - ind );
 			ind += strlen(eventstr);
 			i += 2;
 			continue;
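
Review bot: in the context line "i < strlen(fmt) - 2", strlen() returns
size_t, so for a fmt shorter than two characters the subtraction wraps
and the test passes, letting fmt[i+2] read past the terminator. Write it
as i + 2 < strlen(fmt), which cannot wrap, and consider computing the
length once outside the loop.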


Bug#443913: CVE-2007-5037 buffer overflow in inotifytools_snprintf

2007-09-24 Thread Nico Golde
Package: inotify-tools
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for inotify-tools.

CVE-2007-5037[0]:
| Buffer overflow in the inotifytools_snprintf function in
| src/inotifytools.c in the inotify-tools library before 3.11 allows
| context-dependent attackers to execute arbitrary code via a long
| filename.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5037

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

