Date: Fri, 29 Jul 2016 16:43:37 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: paps: heap overflow when processing crafted file

> The bug comes from the fuzzer, which did not pass an empty file.
> Later, I discovered that an empty file has the same behaviour as
> the crafted one.
>
> In other words:
> - The same crash happens for the empty and crafted file.
> - The patch covers both cases (when the file is empty and when
>   it contains random data).

Right, the file does not need to be empty (file length of zero), but
inbuf->len needs to end up being zero, which means that the g_iconv
calls produce zero output bytes for every line of the input file.

After the buffer under-read, if there isn't a crash, the return value
of read_file can be the empty string, which wasn't intended to be a
possible return value. However, we haven't seen information indicating
that this causes a security problem in later code.

This is a command-line program, and the available information is that
there is sometimes a non-exploitable crash when operating on an invalid
file. For now, we are categorizing this as an inconvenience to the
user, not a vulnerability: there is no CVE ID.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
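The condition described in the message above, as an added example that is not part of the original thread and is not the paps source: a length-tracked buffer whose last byte is inspected after a conversion step that may emit zero bytes for every line. The `struct buf`, `convert_append` and `read_lines_checked` names are hypothetical stand-ins (for a GString-style buffer, the g_iconv step and read_file), and the sample inputs are constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a GString-like buffer: data plus tracked length. */
struct buf { char *str; size_t len, cap; };

static int buf_append(struct buf *b, const char *s, size_t n) {
    if (b->len + n + 1 > b->cap) {
        size_t cap = (b->len + n + 1) * 2;
        char *p = realloc(b->str, cap);
        if (!p) return -1;
        b->str = p;
        b->cap = cap;
    }
    memcpy(b->str + b->len, s, n);
    b->len += n;
    b->str[b->len] = '\0';
    return 0;
}

/* Stand-in for the conversion step (assumption, not g_iconv): bytes >= 0x80
 * are dropped, so a line made only of such bytes yields zero output bytes. */
static int convert_append(struct buf *b, const char *in, size_t n) {
    for (size_t i = 0; i < n; i++)
        if ((unsigned char)in[i] < 0x80 && buf_append(b, &in[i], 1) != 0)
            return -1;
    return 0;
}

/* Convert every line and make the result end in '\n'. Returns a heap string,
 * or NULL when no output was produced (or allocation failed), so the caller
 * never receives an unintended empty string. */
char *read_lines_checked(const char *const *lines, size_t nlines) {
    struct buf b = {0};
    for (size_t i = 0; i < nlines; i++)
        if (convert_append(&b, lines[i], strlen(lines[i])) != 0) {
            free(b.str);
            return NULL;
        }
    /* The unguarded form of the next test is b.str[b.len - 1] != '\n'.
     * With b.len == 0 the index wraps and the read lands before the start
     * of the buffer: the under-read discussed in the message. */
    if (b.len == 0) {
        free(b.str);
        return NULL;
    }
    if (b.str[b.len - 1] != '\n' && buf_append(&b, "\n", 1) != 0) {
        free(b.str);
        return NULL;
    }
    return b.str;
}
```

Note that the second case in the message (a non-empty file whose lines all convert to nothing) takes the same `b.len == 0` path as a zero-length file.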