Date: Fri, 15 May 2015 01:39:27 +0100
From: Pádraig Brady <P@...igBrady.com>
To: oss-security@...ts.openwall.com
Subject: coreutils sort heap overflow

FYI on distros with the coreutils i18n patch applied
(Suse/RHEL/Fedora/...) a heap overflow can be triggered in sort(1) as per:
https://bugzilla.suse.com/show_bug.cgi?id=928749

The following should be the simplest way to trigger this on affected distros:
(note the error is not generated 100% of the time):

  printf '%s\n' a ɑ | MALLOC_CHECK_=1 LC_ALL=en_US.utf8 sort -f

Note in UTF8 only a few chars are converted to longer sequences,
so the values that can be written are restricted.

There is also a theoretical buffer overflow with data around SIZE_MAX/2.

Both issues are fixed at:
  https://github.com/pixelb/coreutils/commit/bea5e36c
The fix is public as the bug is already public.

thanks,
Pádraig.
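
The byte-length growth mentioned in the note above, measured in an added example that is not part of the original post or of coreutils. It assumes Python's `str.upper()`, restricted to one-to-one mappings, as a stand-in for the C library's `towupper()`, so the exact set of characters can differ from a given libc's locale data; all function names are hypothetical.

```python
import sys

def upper_simple(ch):
    """Approximate C towupper(): keep only one-to-one uppercase mappings."""
    up = ch.upper()
    return up if len(up) == 1 else ch

def utf8_growth(ch):
    """Return (bytes before, bytes after) upper-casing for one character."""
    return len(ch.encode("utf-8")), len(upper_simple(ch).encode("utf-8"))

def growing_chars():
    """Map every code point whose uppercase form needs more UTF-8 bytes."""
    found = {}
    for cp in range(sys.maxunicode + 1):
        if 0xD800 <= cp <= 0xDFFF:  # surrogates cannot be encoded as UTF-8
            continue
        before, after = utf8_growth(chr(cp))
        if after > before:
            found[chr(cp)] = (before, after)
    return found

def folded_size(line):
    """Bytes needed to hold `line` after folding to upper case."""
    return sum(utf8_growth(ch)[1] for ch in line)

if __name__ == "__main__":
    grown = growing_chars()
    print(len(grown), "code points grow when upper-cased")
    # Constructed sample: the two characters used in the post, on one line.
    sample = "a\u0251"
    print(len(sample.encode("utf-8")), "bytes in,",
          folded_size(sample), "bytes after folding")
```

Any buffer that holds folded text has to be sized from the folded length, not from the input length.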
