Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-04 Thread Ben Pfaff
I applied fixes for both of these bugs to the PSPP repository, as the following commits. The fixes will be in the next PSPP release.

commit 41c6f5447941e5d36d0554ba874671649353752f
Author: Ben Pfaff
Date: Tue Jul 4 12:58:55 2017 -0400

    sys-file-reader: Fix integer

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-04 Thread Friedrich Beckmann
Hi Ben, my understanding is that they bring up two different problems. For https://bugzilla.redhat.com/show_bug.cgi?id=1467004 (Hash Function) the argument is that shift operations and overflows are undefined or implementation dependent for signed integers as used in the hash function.

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-04 Thread Ben Pfaff
The attribution of the problem to the hash function is probably wrong, since that function is purely combinatorial logic, but the report as a whole is right because the attachment in the bug report at https://bugzilla.redhat.com/show_bug.cgi?id=1467004 does cause pspp-convert to assert-fail. I'm

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-03 Thread Friedrich Beckmann
Hi John,

> On 04.07.2017 at 07:10, John Darrington wrote:
>
> On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
> Hi John,
>
> today I looked a little bit at the hash function. I think the problem is
> that compared to
> the

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-03 Thread John Darrington
On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote: Hi John, today I looked a little bit at the hash function. I think the problem is that compared to the referenced code the x parameter is type int instead of unsigned int. Googling around, the overflow

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-03 Thread Chao Zhang
Dear Friedrich, We are using smart fuzzing to test open source applications, including pspp. Our tool collAFL is an enhanced version of AFL. The core of AFL is a genetic algorithm to automatically discover interesting test cases that trigger new internal states in the targeted application,

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-03 Thread Friedrich Beckmann
Hi John, today I looked a little bit at the hash function. I think the problem is that compared to the referenced code the x parameter is type int instead of unsigned int. Googling around, the overflow behavior of signed and the shift right of signed is not defined in the C standard although

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-03 Thread John Darrington
I suspect this report is mistaken. But this bit is Ben's code, so I'll let him comment on that. J' On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote: Dear owl337 team, thanks for looking at pspp and finding the security problems

Bug#866890: pspp - cve-2017-10791 - cve-2017-10792

2017-07-02 Thread Friedrich Beckmann
Dear owl337 team, thanks for looking at pspp and finding the security problems https://security-tracker.debian.org/tracker/CVE-2017-10791 and https://security-tracker.debian.org/tracker/CVE-2017-10792 in pspp! Your reports are quite detailed. Could you describe how you found the problems,