stack-based buffer overflow findTable() (CVE-2014-8184) #425
Comments
No we do not have any commits regarding this issue. We know of a number of issues thanks to the Coverity scan, also there is a resource leak in

@egli, @kirotawa: Asked in https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c5 if details can be shared.

@egli, @kirotawa: according to https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7:

I tried to apply this merge patch in a 2.5.3 version (backporting) but while it builds ok it fails in the new resolve_table test. Seems that something is missing, not sure yet.

@kirotawa: The isolated patch which Red Hat did apply can be found at

:) thanks a million carnil!!!

Hello, nothing makes sure that k is less than MAXSTRING (k is the length of a string coming from the environment).

Also, the strncpy call doesn't actually put a \0...

I'll propose the attached patch as fix for Debian on top of this one.

TBH, I'm a bit confused now. I thought the code that had the CVE doesn't even exist in liblouis master anymore. So why is there a patch needed?

I'm not proposing the patch for upstream liblouis, I'm just putting here as a reference for people who are still distributing that old version of liblouis.

So in other words we can close this issue?

I'd say so, yes

OK, thanks :-)
Hello,
Do you have any commit for this issue?
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1492701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8184
Thanks in advance!
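
The two points raised in the comments above (no check that `k` is less than `MAXSTRING`, and `strncpy` not writing a `\0`) can be seen in a small stand-alone C program. This is an added example, not code from the thread, from liblouis, or from any of the patches mentioned; the value of `MAXSTRING`, the helper names and the `EXAMPLE_TABLEPATH` variable are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAXSTRING 256 /* assumed size; the thread only names the constant */

/* Hypothetical helper: copy an environment-supplied string into a
 * MAXSTRING-byte buffer. Returns 0 on success, -1 when the value is
 * missing or would not fit with its terminator (dst is left empty). */
int copy_env_path(char dst[MAXSTRING], const char *value)
{
    size_t k;

    dst[0] = '\0';
    if (value == NULL)
        return -1;
    k = strlen(value);      /* k comes from the environment: untrusted */
    if (k >= MAXSTRING)     /* the check the comment says is missing */
        return -1;          /* reject instead of silently truncating */
    memcpy(dst, value, k);
    dst[k] = '\0';          /* explicit terminator, never implied */
    return 0;
}

/* Shows the strncpy point: with n == k no '\0' is written. Returns 1 when
 * the buffer holds no terminator after the call, 0 otherwise. */
int unterminated_after_strncpy(const char *src, size_t k)
{
    char buf[MAXSTRING];

    memset(buf, 'X', sizeof buf);   /* sentinel fill: a '\0' can only come from strncpy */
    if (k > sizeof buf)
        k = sizeof buf;
    strncpy(buf, src, k);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

int main(void)
{
    char path[MAXSTRING];
    /* EXAMPLE_TABLEPATH is a placeholder variable name for this example. */
    if (copy_env_path(path, getenv("EXAMPLE_TABLEPATH")) != 0)
        fprintf(stderr, "EXAMPLE_TABLEPATH unset or too long, ignoring\n");
    else
        printf("using %s\n", path);
    printf("strncpy(buf, \"abc\", 3) unterminated: %d\n",
           unterminated_after_strncpy("abc", 3));
    return 0;
}
```

Rejecting an over-long value rather than truncating it avoids resolving a different path than the one the environment named.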