Date: Fri, 15 May 2015 01:39:27 +0100
From: Pádraig Brady <P@...igBrady.com>
To: oss-security@...ts.openwall.com
Subject: coreutils sort heap overflow

FYI on distros with the coreutils i18n patch applied
(Suse/RHEL/Fedora/...) a heap overflow can be triggered
in sort(1) as per:
https://bugzilla.suse.com/show_bug.cgi?id=928749

The following should be the simplest way to trigger this on affected distros:
(note the error is not generated 100% of the time):

  printf '%s\n' a ɑ | MALLOC_CHECK_=1 LC_ALL=en_US.utf8 sort -f

Note in UTF8 only a few chars are converted to longer sequences,
so the values that can be written are restricted.

There is also a theoretical buffer overflow with data around SIZE_MAX/2.

Both issues are fixed at:
https://github.com/pixelb/coreutils/commit/bea5e36c

The fix is public as the bug is already public.

thanks,
Pádraig.
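Added example (not part of the original post, and not the coreutils or i18n patch code): a bounds-checked case fold showing why an output buffer sized to the input's byte length is too small once a character's upper-case form has a longer UTF-8 encoding. The names `upper_cp`, `dec` and `fold_upper` are hypothetical, and the two-entry mapping is a constructed stand-in for `towupper()` so the block does not depend on an installed locale.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for towupper(): ASCII plus the one pair from the post. */
static uint32_t upper_cp(uint32_t c) {
    if (c >= 'a' && c <= 'z') return c - 32;
    if (c == 0x0251) return 0x2C6D;  /* 2 UTF-8 bytes in, 3 UTF-8 bytes out */
    return c;
}

/* Minimal UTF-8 decoder (1-3 byte forms); returns bytes consumed, 0 if malformed. */
static size_t dec(const unsigned char *s, size_t n, uint32_t *cp) {
    if (n >= 1 && s[0] < 0x80) { *cp = s[0]; return 1; }
    if (n >= 2 && (s[0] & 0xE0) == 0xC0 && (s[1] & 0xC0) == 0x80) {
        *cp = ((uint32_t)(s[0] & 0x1F) << 6) | (s[1] & 0x3F);
        return 2;
    }
    if (n >= 3 && (s[0] & 0xF0) == 0xE0 && (s[1] & 0xC0) == 0x80 && (s[2] & 0xC0) == 0x80) {
        *cp = ((uint32_t)(s[0] & 0x0F) << 12) | ((uint32_t)(s[1] & 0x3F) << 6) | (s[2] & 0x3F);
        return 3;
    }
    return 0;
}

/* Upper-case in[0..n) into out[0..cap), never writing past cap. Returns the bytes the
   folded text needs (a value > cap means truncated), or (size_t)-1 on bad input. */
size_t fold_upper(const unsigned char *in, size_t n, unsigned char *out, size_t cap) {
    size_t need = 0;
    for (size_t i = 0; i < n; ) {
        uint32_t cp;
        size_t k = dec(in + i, n - i, &cp);
        if (k == 0) return (size_t)-1;
        i += k;
        cp = upper_cp(cp);
        size_t m = cp < 0x80 ? 1 : cp < 0x800 ? 2 : 3;
        if (m > SIZE_MAX - need) return (size_t)-1;  /* size arithmetic must not wrap */
        if (need <= cap && m <= cap - need) {        /* bound check per character */
            unsigned char *p = out + need;
            if (m == 1) p[0] = (unsigned char)cp;
            else if (m == 2) { p[0] = (unsigned char)(0xC0 | (cp >> 6)); }
            else { p[0] = (unsigned char)(0xE0 | (cp >> 12));
                   p[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F)); }
            if (m > 1) p[m - 1] = (unsigned char)(0x80 | (cp & 0x3F));
        }
        need += m;
    }
    return need;
}
```

A caller that allocates from the return value of a first pass with `cap` set to 0, then folds into that allocation, never has to assume the output fits in the input's length.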