Thanks again for the feedback Alan.
I have uploaded the newer version of the patch to the redhat bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=991757#attach_783274
I had to create an intermediate buffer...
Thanks Sebastian.
Shameful that to fix one I introduced another...
Regards
Pedro
On Aug 4, 2013 11:08 AM, Sebastian Ramacher sramac...@debian.org wrote:
Hi Pedro,
thank you for reporting this security issue.
On 2013-08-04 10:35:46, Pedro R wrote:
diff -urb
Hi Sebastian,
sorry again for that fail. Here is the correct patch.
Regards,
Pedro
lcms-1.19-b0f-v2.patch
Description: Binary data
Thanks for that Alan - I had no idea, and have been looking at lots of C
code lately that has probably has the same mistakes. I will keep an eye on
that.
Ok this patch is turning into a trainwreck - to everyone please be careful
when applying it.
Actually my original idea was more to point to the
void GetLine(char* Buffer)
{
-scanf(%s, Buffer);
+size_t Buffer_size = sizeof(Buffer);
+fgets(Buffer, (Buffer_size - 1), stdin);
+sscanf(Buffer,%s);
sizeof() in the C language does not reach through a pointer to find the size of
the underlying object - that code will always
On 08/ 5/13 05:00 PM, Pedro Ribeiro wrote:
Thanks for that Alan - I had no idea, and have been looking at lots of C code
lately that has probably has the same mistakes. I will keep an eye on that.
More details/deeper explanations of when sizeof can and cannot work can be
found in:
On 08/ 5/13 04:35 PM, Alan Coopersmith wrote:
+fgets(Buffer, (Buffer_size - 1), stdin);
+sscanf(Buffer,%s);
Oops, forgot to mention the sscanf is still wrong in this second revision.
This code now reads a line from stdin and writes it to Buffer. The sscanf
now takes Buffer as input,
Package: liblcms1
Version: 1.19
Severity: grave
Tags: upstream security patch
Justification: user security hole
I have found three (lame) buffer overflows in lcms-1.19. The problem lies in
the use of dangerous functions like scanf and sprintf to handle user input.
I have contacted the Little CMS
Hi Pedro,
thank you for reporting this security issue.
On 2013-08-04 10:35:46, Pedro R wrote:
diff -urb lcms-1.19.dfsg/samples/icctrans.c
lcms-1.19.dfsg-patched/samples/icctrans.c
--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.0 +
+++
9 matches
Mail list logo