Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 23 Feb 2018 12:33:44 +0100
From: Solar Designer <solar@...nwall.com>
To: Dominik Csapak <d.csapak@...xmox.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: review of LibVNCServer/vncterm proxmox/vncterm proxmox/spiceterm xenserver/vncterm qemu/ui/console.c

Hi Dominik,

On Fri, Feb 23, 2018 at 09:20:48AM +0100, Dominik Csapak wrote:
> I do not know where you looked at our code,

In these GitHub repos, which I thought were official:

https://github.com/proxmox/vncterm
https://github.com/proxmox/spiceterm

Shortly after I sent the message, I realized I should have included
these links in it.  Ditto for other projects, so here they are:

XenServer vncterm:

https://github.com/xenserver/vncterm

Might be also out of date, since last commit is 2 years ago?  But could
also be latest.  These things don't have to be updated frequently.

For QEMU, I did:

git clone git://git.qemu.org/qemu.git

> but in our official git repositories for vncterm[1] and spiceterm[2]
> 
> those issues are already fixed (since 2017-05-05)
> 
> i changed those variables all to unsigned int, which makes those 
> increments defined behavior, and the range checks are ok, because
> they cannot be negative anymore.
> (it may behave strange, but you cannot trigger an out-of-bounds 
> read/write anymore)
> also, i replaced the vt->cy += buf code paths with calls to
> vncterm_gotoxy (which as you mentioned, perform all necessary checks)
> 
> Dominik
> 
> [1]: https://git.proxmox.com/?p=vncterm.git;a=summary
> [2]: https://git.proxmox.com/?p=spiceterm.git;a=summary

Sounds great.  (I haven't looked yet.)

Sorry for the false alarm, then.  (I imagine some users would like to
know of these issues having existed and having been fixed, though.)

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.