There appears to be a fix from upstream on the line that caused the buffer overflow (the snprintf() call). This fix was part of the 2.6.11 release.
Version 2.6.10-20.2build3 doesn't contain this fix. I'm not sure why I don't see the buffer overflow anymore after recompiling this version. from https://github.com/mrash/fwknop.git: Commit: b246eeccc53d663640d763fe9f06baadf8c9883e [b246eecc] Parents: 3e9a057506 Author: Barnabé BALP <[email protected]> Date: Tuesday, 16 January 2024 22:32:07 Fix snprintf buffer length Imported here: Commit: 3cc3ad717f59dc440fd86bf3058985b26dcb8a50 [3cc3ad7] Parents: 2112e0ee80 Author: Francois Marier <[email protected]> Date: Saturday, 4 May 2024 04:57:57 Committer: git-ubuntu importer <[email protected]> Commit Date: Saturday, 4 May 2024 12:31:08 Labels: tag:, import/2.6.11-1 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2131672 Title: fwknop-client: buffer overflow when using GPG encryption To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwknop/+bug/2131672/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
