Date: Tue, 3 Feb 2015 17:24:58 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Possible CVE Requests: libmspack: several issues Hi, On Tue, 3 Feb 2015 16:52:05 +0100 Salvatore Bonaccorso <carnil@...ian.org> wrote: > Several issues with the libmspack library were reported recently in > the Debian bugtracker by Jakub Wilk. Some additional info: This code is shared with cabextract. I recently also reported issues to the author that were all fixed in the cabextract 1.5 and libmspack 0.5alpha releases. (The author was unaware that I am not part of debian, so he only mentions Debian fixes in the release notes - but these include the fixes for the issues reported by me). Rundown of issues I found: Invalid read in ensure_filepath: ==29962==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000efd2 at pc 0x40aafd bp 0x7fff365ba030 sp 0x7fff365ba020 READ of size 1 at 0x60200000efd2 thread T0 #0 0x40aafc in ensure_filepath src/cabextract.c:1034 #1 0x40aafc in process_cabinet src/cabextract.c:504 #2 0x40aafc in main src/cabextract.c:350 #3 0x7ff5e30f8f9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f) #4 0x40be2d (/tmp/cabextract-1.4/cabextract+0x40be2d) Invalid in create_output_name: ==29965==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60200000effe at pc 0x40a9b8 bp 0x7fffd50309e0 sp 0x7fffd50309d0 READ of size 1 at 0x60200000effe thread T0 #0 0x40a9b7 in create_output_name src/cabextract.c:828 #1 0x40a9b7 in process_cabinet src/cabextract.c:444 #2 0x40a9b7 in main src/cabextract.c:350 #3 0x7f68d131bf9f in __libc_start_main (/lib64/libc.so.6+0x1ff9f) #4 0x40be2d (/tmp/cabextract-1.4/cabextract+0x40be2d) All found with american fuzzy lop. (P.S.: Do we have a policy on attachments on this list? I was unsure if it'd be apprechiated that I attach the issue-exposing samples) cu, -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.