[Bug 526273] New: john-1.7.3.1-1.70: buffer overrun
http://bugzilla.novell.com/show_bug.cgi?id=526273 Summary: john-1.7.3.1-1.70: buffer overrun Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: All OS/Version: openSUSE 11.1 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: dcb314@hotmail.com QAContact: qa@suse.de Found By: --- I just had a look at factory package john-1.7.3.1-1.70 For source code file john-1.7.3.1/src/charset.c around line 375 is the source code for the function charset_generate_all. I notice the following line of code strcpy(header->version, CHARSET_V); but ./BUILD/john-1.7.3.1/src/params.h:#define CHARSET_V1 "CHR1" ./BUILD/john-1.7.3.1/src/params.h:#define CHARSET_V2 "CHR2" ./BUILD/john-1.7.3.1/src/params.h:#define CHARSET_V CHARSET_V2 and ./BUILD/john-1.7.3.1/src/charset.h: char version[4]; so there is a buffer overrun here. Four characters and a zero byte won't fit into a four character field. Suggest code rework. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526273 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |lrupp@novell.com |ovo.novell.com | -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526273 Lars Vogdt <lrupp@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P4 - Low Status|NEW |ASSIGNED CC| |lrupp@novell.com Found By|--- |Customer Target Milestone|--- |unspecified -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526273 User lrupp@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=526273#c1 --- Comment #1 from Lars Vogdt <lrupp@novell.com> 2009-08-07 15:25:44 MDT --- Just FYI: this bug is not forgotten. But I'm on vacation for the next 2 weeks. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526273 User rguenther@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=526273#c2 --- Comment #2 from Richard Guenther <rguenther@novell.com> 2009-10-17 08:54:51 MDT --- David, in case the issues are not introduced by a patch local to openSUSE please report the issues upstream. Packagers, please do not add openSUSE-local patches to fix this kind of errors but forward the bugs upstream and close the bugs as RESOLVED UPSTREAM. Note that it is perfectly fine to have "resource leaks" at the end of a program as the kernel will clean up for you. Manually freeing them only increases binary size and runtime. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=526273 http://bugzilla.novell.com/show_bug.cgi?id=526273#c3 Lars Vogdt <lrupp@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |UPSTREAM --- Comment #3 from Lars Vogdt <lrupp@novell.com> 2010-02-11 20:53:35 UTC --- fixed upstream. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com