Bug#754945: recode: A possible buffer overflow when the input filename is too long

2020-09-04 Thread Reuben Thomas
On Thu, 12 Jan 2017 18:19:51 +0300 Alexander Gerasiov wrote:
> Package: recode
> Version: 3.6-23
> Followup-For: Bug #754945
>
> Another possible solution would be to dynamically allocate a buffer for
> output_name. Please see patch attached.

This is already done in recode 3.7.


Bug#754945: recode: A possible buffer overflow when the input filename is too long

2017-01-12 Thread Alexander Gerasiov
Package: recode
Version: 3.6-23
Followup-For: Bug #754945

Another possible solution would be to dynamically allocate a buffer for
output_name. Please see patch attached.
--- a/src/main.c
+++ b/src/main.c
@@ -847,12 +847,13 @@
 	  for (; optind < argc; optind++)
 	{
 	  const char *input_name;
-	  char output_name[200]; /* FIXME: dangerous limit */
+	  char *output_name;
 	  FILE *file;
 	  struct stat file_stat;
 	  struct utimbuf file_utime;
 
 	  input_name = argv[optind];
+	  output_name = xmalloc (strlen (input_name) + 17 + 1); /* 17 is up limit for rec%d.tmp where %d is pid_t  */
 
 	  /* Check if the file can be read and rewritten.  */
 
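Review bot: the `+ 17` in the added `xmalloc` size is a magic number that is only correct while the temporary name stays `rec%d.tmp` and the `pid_t` value prints in at most 10 digits, and nothing ties the allocation to the code that later writes into `output_name`. Consider deriving the length from the same format string (for example with `snprintf (NULL, 0, ...)`) or from a named constant defined next to it, and keep the later write bounded by the allocated size. The comment would also read better as "upper limit".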
@@ -965,6 +966,7 @@
 
 		  unlink (output_name);
 		}
+	  free (output_name);
 	}
   }
 else
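Review bot: the single `free (output_name)` at the end of the loop body only covers iterations that fall through to this point. The buffer is allocated at the top of the loop, before the "can be read and rewritten" check, so any `continue`, `goto` or early return in the lines between the two hunks would leak it on every skipped file. Those lines are not shown here, so please confirm that every exit from an iteration reaches this `free`, or route them through a common cleanup point.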


Bug#754945: recode: A possible buffer overflow when the input filename is too long

2014-07-16 Thread Bernard Ladenthin
Package: recode
Version: 3.6-20
Severity: normal

Dear Maintainer,

please review and include this patch asap.

Many greetings from Berlin, Bernard

https://github.com/bernardladenthin/Recode/commit/eb3ec625796e83552715b8a20f10664f38cdcd52



-- System Information:
Debian Release: 7.6
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages recode depends on:
ii  dpkg  1.16.15
ii  install-info  4.13a.dfsg.1-10
ii  libc6 2.13-38+deb7u3
ii  librecode0  3.6-20

recode recommends no packages.

recode suggests no packages.

-- no debconf information

