*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: foomatic-db-engine
/usr/bin/foomatic-combo-xml write data given by parameters to fixed
char[1024] with sprintf which can trigger buffer overflow .
test case :
emanuel@emanuel-desktop:/tmp$ foomatic-combo-xml -l `python -c "print 'A'*1007"`
*** buffer overflow detected ***: foomatic-combo-xml terminated
emanuel@emanuel-desktop:/tmp$ foomatic-combo-xml -p `python -c "print 'A'*244"`
-d 1
*** buffer overflow detected ***: foomatic-combo-xml terminated
emanuel@emanuel-desktop:/tmp$ foomatic-combo-xml -p 1 -d `python -c "print
'A'*983"`
*** buffer overflow detected ***: foomatic-combo-xml terminated
the bug can be found at :
sprintf(printerfilename, "%s/db/source/printer/%s.xml",
libdir, pid);
sprintf(driverfilename, "%s/db/source/driver/%s.xml",
libdir, driver);
sprintf(optiondirname, "%s/db/source/opt",
libdir);
sprintf(driverdirname, "%s/db/source/driver",
libdir);
sprintf(printerdirname, "%s/db/source/printer",
libdir);
sprintf(optionfilename, "%s/db/source/opt/%s",
libdir, direntry->d_name);
fix :
replace sprintf to snprintf.
** Affects: foomatic-db-engine (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/783603
Title:
foomatic-combo-xml Buffer Overflow
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
