[Bug 771589] Re: fbb buffer overflow
Correction, John Goerzen's package source in debian 607028 is new enough to fix this - I don't have a TNC setup to test it in reality; but it starts up unlike the current Ubuntu package. John's package builds from source if I swizzle line 163 of src/Makefile so that the -lncurses is at the end. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/771589 Title: fbb buffer overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fbb/+bug/771589/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 771589] Re: fbb buffer overflow
This was fixed upstream in 7.04r.2.1 - so we do need the new version pulled in. There is a debian bug requesting an update: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607028 that has a package that's still a bit too old attached to it. Dave ** Bug watch added: Debian Bug tracker #607028 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607028 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/771589 Title: fbb buffer overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fbb/+bug/771589/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 771589] Re: fbb buffer overflow
Wow - this is a Y2K bug; welcome to the 21st century! looking at src/console.c we have in aff_date: char cdate[19]; sdate = localtime (&temps); #ifdef ENGLISH sprintf (cdate, "%02d-%02d-%02d %02d:%02d", sdate->tm_year, sdate->tm_mon + 1, sdate->tm_mday, sdate->tm_hour, sdate->tm_min); #else sprintf (cdate, "%02d/%02d/%02d %02d:%02d", sdate->tm_mday, sdate->tm_mon + 1, sdate->tm_year, sdate->tm_hour, sdate->tm_min); #endif the problem is that sdate->tm_year is 112 which makes the sprintf print a string like "112-08-19 16:58" which is 19 characters, add the \0 terminator and it's 20 characters - so it is a buffer overrun. Dave ** Changed in: fbb (Ubuntu) Status: Confirmed => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/771589 Title: fbb buffer overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fbb/+bug/771589/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 771589] Re: fbb buffer overflow
Yeh can easily reproduce it here on quantal Dave ** Changed in: fbb (Ubuntu) Importance: Undecided => Medium ** Changed in: fbb (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/771589 Title: fbb buffer overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fbb/+bug/771589/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 771589] Re: fbb buffer overflow
I haven't figured it out either. The setup script bombed and I had to create the ports file from scratch, but I've gone over and over all the configs and simplified as much as I can to eliminate potential problems, and always get this same result after the languages are done loading. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/771589 Title: fbb buffer overflow To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fbb/+bug/771589/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 771589] Re: fbb buffer overflow
This could be a config error on my part but wow, a buff overflow? :-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/771589 Title: fbb buffer overflow -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs