Package: aeskeyfind
Version: 1:1.0-4
Severity: important
Tags: upstream patch

Dear Maintainer,

aeskeyfind has a bug where it fails to process a file larger than 4GB properly.
Instead it will process only filesize & 0xffffffff. Sign confusion in the entropy
function can also lead to a crash when processing a large file. Finally, on
32-bit systems the size parameter to mmap would get quietly truncated.

Steps to reproduce the crash:

 1. dd if=/dev/zero of=test.img count=8388607
 2. aeskeyfind test.img

Here's a patch fixing the issues:

 https://sintonen.fi/pch/aeskeyfind-largeimage-fix.diff

PS. Due to design limitations, the application cannot scan very large files
on 32-bit systems. This patch doesn't address that limitation; it does, however,
make the application fail gracefully if the situation is met.


-- System Information:
Debian Release: 9.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages aeskeyfind depends on:
ii  libc6  2.24-11+deb9u4

aeskeyfind recommends no packages.

aeskeyfind suggests no packages.

-- no debconf information
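
The size handling described in the report, as an added example that is not taken from the aeskeyfind source or from the linked patch: it shows what a 32-bit unsigned and a 32-bit signed variable keep of a 64-bit file size, next to a checked conversion that refuses a size the target cannot map. All function names are hypothetical, and `max_len` is an assumed stand-in for the target's SIZE_MAX.

```c
#include <stdint.h>
#include <stdio.h>

/* All names here are hypothetical; none come from aeskeyfind. */

/* What survives when a 64-bit file size is stored in a 32-bit unsigned
 * variable: the "filesize & 0xffffffff" effect from the report. */
static uint32_t truncated_len(int64_t file_size)
{
    return (uint32_t)((uint64_t)file_size & 0xffffffffu);
}

/* The same 32 bits read through a signed int (two's complement), computed
 * portably instead of relying on an implementation-defined cast. */
static int32_t as_signed_len(uint32_t len)
{
    if (len >= 0x80000000u)
        return (int32_t)((int64_t)len - 4294967296LL);
    return (int32_t)len;
}

/* Checked conversion before mapping: max_len stands in for SIZE_MAX of the
 * target (UINT32_MAX models a 32-bit system). Returns 0 and stores the
 * length, or -1 so the caller can report an error. */
static int checked_map_len(int64_t file_size, uint64_t max_len, uint64_t *out)
{
    if (file_size < 0 || (uint64_t)file_size > max_len)
        return -1;
    *out = (uint64_t)file_size;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the dd image from the report (8388607 blocks of
     * dd's default 512 bytes) and a 5 GiB file. */
    int64_t sizes[] = { 8388607LL * 512, 5LL * 1024 * 1024 * 1024 };
    for (int i = 0; i < 2; i++) {
        uint32_t t = truncated_len(sizes[i]);
        uint64_t len = 0;
        int rc32 = checked_map_len(sizes[i], UINT32_MAX, &len);
        printf("size=%lld 32-bit unsigned=%u as int=%d 32-bit map check=%s\n",
               (long long)sizes[i], (unsigned)t, (int)as_signed_len(t),
               rc32 == 0 ? "ok" : "refused");
    }
    return 0;
}
```

The dd image from the reproduction steps is just under 4GB, so it survives the unsigned truncation intact but becomes a negative length once read as a signed int.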
