I found a buffer overflow in the [bns_fasta2bntseq] function.
```c
int64_t bns_fasta2bntseq(gzFile fp_fa, const char *prefix, int for_only)
{
	extern void seq_reverse(int len, ubyte_t *seq, int is_comp); // in bwaseqio.c
	kseq_t *seq;
	char name[1024];
	bntseq_t *bns;
	uint8_t *pac = 0;
	int32_t m_seqs, m_holes;
	int64_t ret = -1, m_pac, l;
	bntamb1_t *q;
	FILE *fp;

	// initialization
	....
	strcpy(name, prefix); strcat(name, ".pac");
	...
	return ret;
}
```
The name buffer has only 1024 bytes, so a buffer overflow occurs if we pass more than 1024 bytes as prefix. It's a vulnerability.
This could be fixed by snprintf, like:
snprintf(name, sizeof(name), "%s.pac", prefix);
In another function that uses the same input as the [bns_fasta2bntseq] function, the [bns_dump] function in bntseq.c, there is a buffer overflow here.
```c
void bns_dump(const bntseq_t *bns, const char *prefix)
{
	char str[1024];
	FILE *fp;
	int i;
	{ // dump .ann
		strcpy(str, prefix); strcat(str, ".ann");
		(......)
	{ // dump .amb
		strcpy(str, prefix); strcat(str, ".amb");
		(....)
}
```
The buffer overflow occurs in the str buffer. They can be fixed by snprintf, like @yanlinlin82's recommendation.
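An added example, not part of the thread and not code from the project: the snprintf fix suggested above stops the overflow but silently truncates an over-long prefix, so the caller would open a different file name than intended. The helper `build_path` is hypothetical; it checks snprintf's return value and rejects the input instead.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (assumption, not in the project): write
 * "<prefix><ext>" into dst. Returns 0 on success, -1 if the result
 * would not fit in dst_size bytes or on an encoding error. */
int build_path(char *dst, size_t dst_size, const char *prefix, const char *ext)
{
    int n;

    if (dst == NULL || dst_size == 0 || prefix == NULL || ext == NULL)
        return -1;

    n = snprintf(dst, dst_size, "%s%s", prefix, ext);

    /* snprintf returns the length the full string needs, excluding the
     * terminator. n >= dst_size means the output was cut short, so dst
     * would name a different file than the caller asked for. */
    if (n < 0 || (size_t)n >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[1024];        /* same size as the buffers in the report */
    char long_prefix[2048]; /* constructed over-long prefix */

    memset(long_prefix, 'A', sizeof(long_prefix) - 1);
    long_prefix[sizeof(long_prefix) - 1] = '\0';

    if (build_path(name, sizeof(name), "ref.fa", ".pac") == 0)
        printf("ok: %s\n", name);

    if (build_path(name, sizeof(name), long_prefix, ".pac") != 0)
        fprintf(stderr, "prefix too long, refusing to continue\n");

    return 0;
}
```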
CVE-2019-11371 was assigned for this issue.
Any update?