[PD-dev] [ pure-data-Patches-1822943 ] hexloader code security issue
SourceForge.net
noreply at sourceforge.net
Mon Dec 17 21:17:46 CET 2007
Patches item #1822943, was opened at 2007-10-30 19:27
Message generated for change (Comment added) made by zmoelnig
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1822943&group_id=55736
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: puredata
Group: bugfix
>Status: Closed
>Resolution: Accepted
Priority: 9
Private: No
Submitted By: IOhannes m zmölnig (zmoelnig)
Assigned to: Miller Puckette (millerpuckette)
Summary: hexloader code security issue
Initial Comment:
the hexmunge code in s_loader.c exposes a security hole:
s_loader:127 reads:
memmove(symname+6, symname, strlen(symname+1));
but really it should read:
memmove(symname+6, symname, strlen(symname)+1);
the code tries to copy the \0 character, but fails to do so (because the strlen(+1) returns to few bytes to be copied), which results in garbage in the symname after the memmove.
since this bug is a real security hole, i give it a high priority
----------------------------------------------------------------------
>Comment By: IOhannes m zmölnig (zmoelnig)
Date: 2007-12-17 21:17
Message:
Logged In: YES
user_id=564396
Originator: YES
seems to be accepted in the latest and greatest 0.41 testrelease
----------------------------------------------------------------------
Comment By: IOhannes m zmölnig (zmoelnig)
Date: 2007-10-30 20:05
Message:
Logged In: YES
user_id=564396
Originator: YES
like any other buffer overflow (i think)
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2007-10-30 19:52
Message:
Logged In: NO
if this is a real security hole, then how would anyone exploit it?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=1822943&group_id=55736
More information about the Pd-dev
mailing list