Package: gmanedit
Version: 0.4.1-1
Severity: important
Tags: security
Hi,
Gmanedit includes several buffer overflows. It needs to be audited
seriously, user input is never checked. Here are the ones i found :
* Launch the wizard, click all the boxes, complete the wizard.
Check
for "cad[512]" in the source, it's where the problem is, it
should
be increased ; it fixes the problem, but it's ugly.
* Launch the wizard, type a very long line in title or name of the
manpage. At first the UI doesn't limit the number of characters
you can enter, then the code handles it badly.
* Open preferences, flood the inputbox.
* Same like above, but this time it comes from the rc file. Just
fill the
"COMMAND=" parameters with a lot of characters.
* Fill the editor with a 200kb file, then try to see the man
("view
created page").
Maybe there are some others, so it needs a good audit. I don't send a
patch, because i can't fix properly, but don't hesitate to ask me
more if you need.
Regards,
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
