URL: <http://savannah.gnu.org/bugs/?18366>
Summary: NSCalendarDate: serious buffer overflow issues
Project: GNUstep
Submitted by: guenthernoack
Submitted on: Friday 24/11/06 at 19:04
Category: Base/Foundation
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Private
Assigned to: None
Open/Closed: Open

_______________________________________________________

Details:

Hi!

NSCalendarDate's parsing method has some serious buffer overflow issues in it.

When parsing timezone names, the timezone name from the source string is copied into tmpStr, but tmpStr's bounds are unluckily not checked, which allows overwriting different indexes and possibly the return pointer of the function. At least the application will crash when you provide it with the wrong strings.

The same problem also applies to the parsing of full month name, full weekday name and possibly some other options.

It would be good if that could be fixed before the next release, since a recent change to the timezone part of the switch statement made exploitation much easier, and it would not be good to have that code in a stable release.

This bug is posted as a private bug and hopefully invisible to the outside internet (and maybe to me, too).

-Guenther

PS: In one of the comments in the method, it is stated that the author didn't know if there are locales where the abbreviated weekday names have fewer than three characters. In German, they do. It's Mo, Di, Mi, Do, Fr, Sa, So.

_______________________________________________
Bug-gnustep mailing list
Bug-gnustep@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-gnustep
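
The kind of bounds check the report asks for, as an added example in plain C; it is not GNUstep's code and not part of the original report. The function names, the token character set and the 8-byte tmpStr in main are assumptions, and the second function covers the PS by matching abbreviated weekday names by their own length instead of a fixed three characters.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not GNUstep code: copy a run of zone-name characters
 * from src into dst (dstSize bytes). Returns the number of characters
 * consumed, or -1 if the token does not fit, so the parse fails cleanly. */
int copy_token(const char *src, char *dst, size_t dstSize)
{
    size_t n = 0;
    if (dstSize == 0) return -1;
    while (isalnum((unsigned char)src[n]) || (src[n] && strchr("_/+-", src[n]))) {
        if (n + 1 >= dstSize) {          /* no room for this byte plus NUL */
            dst[0] = '\0';
            return -1;
        }
        dst[n] = src[n];
        n++;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Constructed sample table: German abbreviated weekday names (two letters). */
const char *const de_short_days[7] = { "So", "Mo", "Di", "Mi", "Do", "Fr", "Sa" };

/* Match an abbreviated weekday using each table entry's own length rather
 * than a fixed three characters; the longest matching entry wins.
 * Returns the index 0..6 and sets *len, or returns -1 if nothing matches. */
int match_short_day(const char *src, const char *const names[7], size_t *len)
{
    int best = -1;
    *len = 0;
    for (int i = 0; i < 7; i++) {
        size_t l = strlen(names[i]);
        if (l > *len && strncmp(src, names[i], l) == 0) {
            best = i;
            *len = l;
        }
    }
    return best;
}

int main(void)
{
    char tmpStr[8];                      /* size is an assumption for the demo */
    printf("%d\n", copy_token("Europe/Berlin_overlong", tmpStr, sizeof tmpStr));
    return 0;
}
```

Rejecting an overlong token outright, rather than truncating it, keeps the parser from silently accepting a different zone name than the one in the input.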