Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Peter Pentchev
On Thu, Jan 13, 2011 at 10:27:11PM +, Adam D. Barratt wrote: On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote: On Wed, Jan 12, 2011 at 09:10:53PM +, Adam D. Barratt wrote: This change looked a little odd: [...] + case TON_SCHRITT: +- strcat(name,

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Adam D. Barratt
On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote: Here's the new debdiff; thanks for your time! Thanks for that. Two small things: +- strcat(strcpy(croom, ROOM: ), slevel_number); [...] ++ snprintf(croom, sizeof(croom), ROOM: %s, slevel_number); The new version has one fewer space

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Peter Pentchev
On Sun, Jan 16, 2011 at 07:25:01PM +, Adam D. Barratt wrote: On Sun, 2011-01-16 at 20:38 +0200, Peter Pentchev wrote: Here's the new debdiff; thanks for your time! Thanks for that. Two small things: +- strcat(strcpy(croom, ROOM: ), slevel_number); [...] ++ snprintf(croom,

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Ansgar Burchardt
Peter Pentchev r...@ringlet.net writes: With the above changes, please feel free to upload (bearing in mind that the deadline for inclusion in the next point release is tomorrow). Thanks! Well, since I'm not a full DD yet, and xdigger doesn't fall under my DM rights, I hereby throw myself

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-16 Adam D. Barratt
On Mon, 2011-01-17 at 00:48 +0100, Ansgar Burchardt wrote: Peter Pentchev r...@ringlet.net writes: With the above changes, please feel free to upload (bearing in mind that the deadline for inclusion in the next point release is tomorrow). Thanks! Well, since I'm not a full DD yet, and

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-13 Peter Pentchev
On Wed, Jan 12, 2011 at 09:10:53PM +, Adam D. Barratt wrote: Hi, On Sun, 2011-01-09 at 01:16 +0200, Peter Pentchev wrote: On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote: Some other cases in the sound module with copying and strcating pargv/argv might be worth looking

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-13 Adam D. Barratt
On Thu, 2011-01-13 at 12:18 +0200, Peter Pentchev wrote: On Wed, Jan 12, 2011 at 09:10:53PM +, Adam D. Barratt wrote: This change looked a little odd: [...] + case TON_SCHRITT: +-strcat(name, /step.au); ++snprintf(name, sizeof(name), %s/step.au, XDIGGER_LIB_DIR); ++

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-12 Adam D. Barratt
Hi, On Sun, 2011-01-09 at 01:16 +0200, Peter Pentchev wrote: On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote: Some other cases in the sound module with copying and strcating pargv/argv might be worth looking at also. I have not investigated further. Nor have I investigated

Re: Bug#609096: Buffer overflow in xdigger with long argv[0]

2011-01-08 Peter Pentchev
package xdigger tag 609096 + pending thanks On Thu, Jan 06, 2011 at 04:47:16PM +1100, Silvio Cesare wrote: Package: xdigger Version: 1.0.10-13 Severity: important Tags: security There is a buffer overflow in xdigger. xdigger_1.0.10/xdigger.c strcpy(progname, argv[0]); I confirmed