Package: elvis-tiny
Severity: normal
X-Debbugs-Cc: kangwoos...@gmail.com

Dear Maintainer,

I found a potential buffer overflow vulnerability in main.c.

--------------------------------------------------
264 str = getenv("HOME");
265 if (str)
266 {
267     sprintf(tmpblk.c, "%s%c%s", str, SLASH, HMEXRC);
--------------------------------------------------

At line 264, the program reads the value of 'str' from an environment variable.

Since the size of 'tmpblk.c' is fixed to 1024 and there is no range check,
if a malicious attacker puts a large string, it may cause a buffer overflow,
which leads to buggy behavior.

Thank you.

-- System Information:
Debian Release: 11.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.16.3-microsoft-standard-WSL2 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages elvis-tiny depends on:
ii  libc6      2.31-13
ii  libtinfo6  6.2+20201114-2

elvis-tiny recommends no packages.

elvis-tiny suggests no packages.
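
Added example, not part of the original report or of the elvis-tiny source: one way to bound the path construction shown at line 267, using snprintf and treating truncation as an error. BLKSIZE reflects the 1024-byte size stated in the report; the values of SLASH and HMEXRC and the helper name build_exrc_path are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BLKSIZE 1024      /* size the report gives for tmpblk.c */
#define SLASH   '/'       /* assumed value; not shown in the report */
#define HMEXRC  ".exrc"   /* assumed value; not shown in the report */

/*
 * Build "<home><SLASH><HMEXRC>" in dst (hypothetical helper).
 * Returns 0 on success, -1 if home is NULL or empty, or if the result
 * (including the terminating NUL) would not fit in dstsz bytes.
 */
static int build_exrc_path(char *dst, size_t dstsz, const char *home)
{
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (home == NULL || home[0] == '\0')
        return -1;

    /* snprintf never writes more than dstsz bytes and returns the
     * length the full string would have had. */
    n = snprintf(dst, dstsz, "%s%c%s", home, SLASH, HMEXRC);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';    /* do not hand a truncated path to the caller */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[BLKSIZE];
    const char *home = getenv("HOME");

    if (build_exrc_path(buf, sizeof buf, home) == 0)
        printf("startup file: %s (%zu bytes)\n", buf, strlen(buf));
    else
        fprintf(stderr, "HOME unset or too long; skipping %s\n", HMEXRC);
    return 0;
}
```

Rejecting an over-long HOME, rather than silently truncating it, avoids opening a different file than the one the path was meant to name.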
