Date: Tue, 10 Mar 2015 20:12:36 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: less invalid memory access fixed (CVE-2014-9488)

I stumbled over an invalid memory access in less a while ago:
https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html

While I never got a reply from the less developers it seems with version 475 they finally fixed it. They don't have any release announcements or public repositories, but there is a mention in the file version.c, probably related:

+v475 3/2/15 Fix possible buffer overrun with invalid UTF-8; + fix bug when compiled with no regex; fix non-match search.

This is likely the change that fixes this bug (but I haven't verified that, there are multiple things changed between 474 and 475):

--- less-474/line.c 2015-01-31 00:20:29.000000000 +0100 +++ less-475/line.c 2015-03-05 20:07:08.000000000 +0100 @@ -807,7 +807,7 @@ mbc_buf[mbc_buf_index++] = c; if (mbc_buf_index < mbc_buf_len) return (0); - if (is_utf8_well_formed(mbc_buf)) + if (is_utf8_well_formed(mbc_buf, mbc_buf_index)) r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos); else /* Complete, but not shortest form, sequence. */

If mitre and osvdb maintainers read this: please update the entries in your databases accordingly. I'll also update the blog post / advisory.

--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped
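
Review bot: The new length argument at the `is_utf8_well_formed(mbc_buf, mbc_buf_index)` call in line.c is only visible at this one call site, so the matching change to the function's definition and to any other callers cannot be checked from this hunk; those belong in the same review, along with a comment on the function stating that the second argument is the number of bytes stored in the buffer and that the check must not read past it. The preceding `if (mbc_buf_index < mbc_buf_len) return (0);` means the index has already reached `mbc_buf_len` when this line runs, so a short comment saying why the index rather than `mbc_buf_len` is passed would make the intent clear. The next line still calls `get_wchar(mbc_buf)` without a length, which is safe only if the well-formedness check fully bounds what `get_wchar` reads; that dependency is worth stating next to the call.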