Date: Fri, 15 May 2015 01:39:27 +0100
From: Pádraig Brady <P@...igBrady.com>
To: oss-security@...ts.openwall.com
Subject: coreutils sort heap overflow

FYI on distros with the coreutils i18n patch applied (Suse/RHEL/Fedora/...)
a heap overflow can be triggered in sort(1) as per:
https://bugzilla.suse.com/show_bug.cgi?id=928749

The following should be the simplest way to trigger this on affected distros:
(note the error is not generated 100% of the time):

  printf '%s\n' a ɑ | MALLOC_CHECK_=1 LC_ALL=en_US.utf8 sort -f

Note in UTF8 only a few chars are converted to longer sequences,
so the values that can be written are restricted.

There is also a theoretical buffer overflow with data around SIZE_MAX/2.

Both issues are fixed at:
https://github.com/pixelb/coreutils/commit/bea5e36c
The fix is public as the bug is already public.

thanks,
Pádraig.
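The length growth noted in the message (a few characters fold to longer UTF-8 sequences), as an added example that is not part of the original post and is not coreutils code: a bounds-checked upper-case fold that reports how many bytes the folded text needs. The function names, the one-entry case table (U+0251 to U+2C6D) and the premise that a destination was sized from the input's byte length are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Case map for this sketch: ASCII plus U+0251 -> U+2C6D (constructed table). */
static uint32_t upper_cp(uint32_t c) {
    if (c >= 'a' && c <= 'z') return c - 32;
    return c == 0x0251 ? 0x2C6D : c;
}

/* Minimal decoder for 1-3 byte UTF-8; returns bytes consumed, 0 if malformed. */
static size_t dec(const unsigned char *s, size_t n, uint32_t *c) {
    if (n >= 1 && s[0] < 0x80) { *c = s[0]; return 1; }
    if (n >= 2 && (s[0] & 0xE0) == 0xC0 && (s[1] & 0xC0) == 0x80) {
        *c = (uint32_t)(s[0] & 0x1F) << 6 | (s[1] & 0x3F); return 2; }
    if (n >= 3 && (s[0] & 0xF0) == 0xE0 && (s[1] & 0xC0) == 0x80 && (s[2] & 0xC0) == 0x80) {
        *c = (uint32_t)(s[0] & 0x0F) << 12 | (uint32_t)(s[1] & 0x3F) << 6 | (s[2] & 0x3F); return 3; }
    return 0;
}

/* Encode a code point below U+10000 into o[0..2]; returns its length. */
static size_t enc(uint32_t c, unsigned char *o) {
    if (c < 0x80) { o[0] = (unsigned char)c; return 1; }
    if (c < 0x800) { o[0] = (unsigned char)(0xC0 | c >> 6); o[1] = (unsigned char)(0x80 | (c & 0x3F)); return 2; }
    o[0] = (unsigned char)(0xE0 | c >> 12); o[1] = (unsigned char)(0x80 | (c >> 6 & 0x3F));
    o[2] = (unsigned char)(0x80 | (c & 0x3F)); return 3;
}

/* Returns bytes the folded text needs (SIZE_MAX on error); writes only what fits in cap. */
static size_t fold_upper(const unsigned char *in, size_t n, unsigned char *out, size_t cap) {
    size_t need = 0;
    for (size_t i = 0; i < n; ) {
        uint32_t c; unsigned char tmp[3];
        size_t k = dec(in + i, n - i, &c);
        if (k == 0) return SIZE_MAX;                    /* malformed sequence */
        size_t m = enc(upper_cp(c), tmp);
        if (need > SIZE_MAX - 1 - m) return SIZE_MAX;   /* guard the size arithmetic */
        if (m <= cap && need <= cap - m) memcpy(out + need, tmp, m);
        need += m; i += k;
    }
    return need;
}

int main(void) {
    const unsigned char in[] = "a\n\xC9\x91\n";   /* constructed sample: a, U+0251 */
    unsigned char out[8];
    size_t need = fold_upper(in, 5, out, 5);      /* destination sized like the input */
    printf("input 5 bytes, folded output needs %zu\n", need);
    return need > 5 ? 0 : 1;
}
```

Calling `fold_upper` with `cap` 0 gives the required size, so a caller can allocate from the folded length rather than the input length.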