Date: Tue, 14 Jun 2016 08:39:05 +0000 (UTC)
From: Petter Reinholdtsen <pere@...gry.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: reads out-of-bounds with cpio 2.11

>> Two reads out-of-bounds in cpio 2.11 were found in the parsing of cpio
>> files

Note, testing with valgrind shows that after the out-of-bounds reads,
there is an out-of-bounds write too.  The issue is triggered by a
file name length of zero in an internal data structure.  This causes
the code to do operations on a buffer returned by malloc(0), first a memory
access, then a memory write and finally a lstat().

I've sent the valgrind output and a patch to fix it to
<URL: http://bugs.debian.org/815965 > and upstream.

I have no idea if the issue is a security issue, though.  I could not
come up with a way to use the unwanted reads and writes for anything
interesting.
-- 
Happy hacking
Petter Reinholdtsen
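
The zero-length case described in the message above, shown as an added example that is not part of the original post and is not cpio's code or the patch sent to the Debian bug: a length taken from an archive header is validated before it reaches malloc(). The helper name `copy_member_name`, the limit `MEMBER_NAME_LIMIT`, and the convention that the declared length counts the terminating NUL are assumptions made for this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MEMBER_NAME_LIMIT 4096  /* assumed upper bound, chosen for this example */

/* Hypothetical helper (not cpio's code). name_len is the length declared in
 * the archive header and is assumed to include the terminating NUL, so the
 * smallest valid value is 1. Returns a heap copy, or NULL with errno set. */
char *copy_member_name(const unsigned char *src, size_t avail, size_t name_len)
{
    /* Reject zero before allocating: malloc(0) may return a non-NULL pointer
     * to a zero-byte block, and any read or write through it is out of bounds. */
    if (name_len == 0 || name_len > MEMBER_NAME_LIMIT) {
        errno = EINVAL;
        return NULL;
    }
    /* The declared length must not exceed the bytes actually present. */
    if (name_len > avail) {
        errno = EINVAL;
        return NULL;
    }
    char *name = malloc(name_len);
    if (name == NULL)
        return NULL;                /* allocation failure */
    memcpy(name, src, name_len);
    name[name_len - 1] = '\0';      /* in bounds only because name_len >= 1 */
    return name;
}

int main(void)
{
    /* Constructed sample input: a 6-byte name field, "etc/x" plus NUL. */
    const unsigned char field[] = { 'e', 't', 'c', '/', 'x', '\0' };
    size_t declared[] = { 6, 0, 7 };   /* valid, zero, longer than the data */
    for (size_t i = 0; i < 3; i++) {
        char *n = copy_member_name(field, sizeof field, declared[i]);
        printf("declared %zu -> %s\n", declared[i], n ? n : "(rejected)");
        free(n);
    }
    return 0;
}
```

Running the same inputs through an unchecked version under valgrind or AddressSanitizer is a quick way to confirm that the zero-length path is the one producing the invalid accesses.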

