GNU bug report logs - #19563
grep -F: fix a heap buffer (read) overrun

Package: grep;

Reported by: Jim Meyering <jim <at> meyering.net>

Date: Sat, 10 Jan 2015 23:44:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.


From: Jim Meyering <jim <at> meyering.net>
To: Santiago Ruano Rincón <santiago <at> riseup.net>
Cc: 19563 <at> debbugs.gnu.org, Michael Gilbert <mgilbert <at> debian.org>, anibal <at> debian.org
Subject: bug#19563: <DKIM> bug#19563: CVE number and trivial NSC follow-up patch
Date: Mon, 9 Feb 2015 08:40:13 -0800
On Mon, Feb 9, 2015 at 2:08 AM, Santiago Ruano Rincón
<santiago <at> riseup.net> wrote:
> On 01/02/15 at 08:39, Jim Meyering wrote:
>> I obtained a CVE number for this flaw and added a reference to it in NEWS.
>> Also fixed a now-unnecessary "goto" in related code.
>
> Hi,
>
> I'm running kwset-abuse test, but I don't get any difference with or
> without the fix for this CVE (in kwset.c). Do you think there is an
> issue with the test? Maybe something related to my platform?
>
> Cheers,
>
> Santiago
>
> PS. kwset-abuse.log attached

Thanks for checking. I've just confirmed that backing out that fix and
running kwset-abuse does trigger a segfault on a rawhide x86-64
system, but not on a debian unstable (also x86-64) system. The
trouble is that the test case is sensitive to the implementation
details of the allocator and system details like page size. The test
case was designed to trigger the segfault, given a particular
observed behavior. If you can tune the test to trigger a failure
on your system, I'd be happy to accept a patch that adds
another case for that.
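The allocator and page-size sensitivity described in the reply above is the general property of any heap over-read: the stray load only traps if the byte past the buffer lies on an unmapped page, and a malloc'd buffer is almost never flush against one. The following is an added example written for this page, not grep's code and not the kwset-abuse test; it assumes a POSIX system with mmap/mprotect, sysconf(_SC_PAGESIZE) and sigaction/siglongjmp (Linux or similar), and the buffer contents are constructed. It performs the same one-byte over-read twice: once on a malloc'd buffer, where the result depends on the allocator, and once on a buffer placed immediately before a PROT_NONE guard page, where it faults deterministically. The fault is caught with a signal handler so the probe reports an outcome instead of killing the process.

```c
/* Added example (not grep's code): why a one-byte heap over-read is
 * silent on one system and a segfault on another.  The load faults only
 * if the byte past the buffer is on an unmapped page, which depends on
 * the allocator's placement of the chunk and on the page size. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);   /* back into probe_read, mask restored */
}

/* Load one byte at p.  Return 1 if the load succeeded, 0 if it raised
 * SIGSEGV or SIGBUS, without letting the process die. */
static int probe_read(const unsigned char *p)
{
    struct sigaction sa, old_segv, old_bus;
    volatile int ok = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(fault_env, 1) == 0) {
        /* volatile so the compiler cannot optimise the load away */
        volatile unsigned char sink = *(volatile const unsigned char *)p;
        (void)sink;
        ok = 1;
    } else {
        ok = 0;                  /* arrived here via siglongjmp */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return ok;
}

/* Place a len-byte buffer so that its last byte is the last byte of a
 * mapped page and the following page is PROT_NONE.  *base and *maplen
 * receive the two-page mapping for munmap().  Returns NULL on failure. */
static unsigned char *alloc_before_guard(size_t len, void **base, size_t *maplen)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || len == 0 || len > (size_t)pg)
        return NULL;
    *maplen = 2 * (size_t)pg;
    unsigned char *m = mmap(NULL, *maplen, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return NULL;
    if (mprotect(m + pg, (size_t)pg, PROT_NONE) != 0) {
        munmap(m, *maplen);
        return NULL;
    }
    *base = m;
    return m + pg - len;         /* buffer ends exactly at the guard page */
}

/* Outcome of reading one byte past a len-byte buffer.
 *   heap_silent:       1 if the over-read on a malloc'd buffer went
 *                      unnoticed (allocator-dependent; -1 if malloc failed)
 *   guard_faulted:     1 if the over-read trapped with a guard page behind it
 *   guard_inbounds_ok: 1 if the last in-bounds byte was still readable */
struct overread_result { int heap_silent; int guard_faulted; int guard_inbounds_ok; };

static struct overread_result overread_demo(size_t len)
{
    struct overread_result r = { -1, -1, -1 };

    unsigned char *h = malloc(len);         /* constructed buffer */
    if (h) {
        memset(h, 'x', len);
        r.heap_silent = probe_read(h + len); /* byte just past the end */
        free(h);
    }

    void *base = NULL;
    size_t maplen = 0;
    unsigned char *g = alloc_before_guard(len, &base, &maplen);
    if (g) {
        memset(g, 'x', len);
        r.guard_inbounds_ok = probe_read(g + len - 1);
        r.guard_faulted = !probe_read(g + len); /* lands on the PROT_NONE page */
        munmap(base, maplen);
    }
    return r;
}

int main(void)
{
    struct overread_result r = overread_demo(17);
    printf("page size %ld: heap over-read silent=%d, guard over-read faulted=%d\n",
           sysconf(_SC_PAGESIZE), r.heap_silent, r.guard_faulted);
    return 0;
}
```

The guard-page placement is the technique a regression test can use to make this class of bug fail on every platform instead of only where the allocator happens to put the chunk at a page boundary; tools such as AddressSanitizer or an electric-fence-style allocator achieve the same deterministic trap without hand-placing the buffer.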



