bug-gnu-utils

Re: sharutils: Directory traversal (security issue) in uudecode


From: Paul Eggert
Subject: Re: sharutils: Directory traversal (security issue) in uudecode
Date: Sun, 27 Nov 2022 09:39:36 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.2

While briefly looking into that bug report I noticed some undefined behavior in uudecode.c. It uses sscanf to scan from and to the same string, which is undefined behavior since sscanf's first argument has the 'restrict' keyword.

Proposed patch attached. I haven't compiled or tested this since sharutils doesn't bootstrap these days (I'll follow up with a separate email about that).

Attachment: 0001-Avoid-undefined-sscanf-behavor.patch
Description: Text Data
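
An added illustration of the issue described in the message above; it is not the attached patch and not code from sharutils. It assumes a uuencode-style header of the form `begin <octal mode> <name>`, and the helper name `parse_begin_line` is hypothetical. It parses the header in place without handing sscanf a destination that overlaps its input.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not from uudecode.c.
 * Parses "begin <octal mode> <name>" in place: on success stores the
 * mode in *mode, moves the name to the start of line and returns 0;
 * returns -1 on a malformed header.
 *
 * The pattern to avoid is
 *     sscanf(line, "begin %o %[^\n]", &mode, line);
 * sscanf's input is restrict-qualified and the C standard leaves
 * copying between overlapping objects in sscanf undefined. */
int parse_begin_line(char *line, unsigned *mode)
{
    static const char prefix[] = "begin ";
    size_t plen = sizeof prefix - 1;
    if (strncmp(line, prefix, plen) != 0)
        return -1;

    const char *p = line + plen;
    if (*p < '0' || *p > '7')      /* strtoul alone would accept sign/space */
        return -1;
    char *end;
    errno = 0;
    unsigned long m = strtoul(p, &end, 8);
    if (errno != 0 || m > 07777 || *end != ' ')
        return -1;

    const char *name = end + 1;
    size_t nlen = strcspn(name, "\r\n");
    if (nlen == 0)
        return -1;

    /* memmove is defined for overlapping source and destination. */
    memmove(line, name, nlen);
    line[nlen] = '\0';
    *mode = (unsigned)m;
    return 0;
}

int main(void)
{
    char hdr[] = "begin 644 example.txt\n";   /* constructed sample input */
    unsigned mode;
    if (parse_begin_line(hdr, &mode) == 0)
        printf("mode=%o name=%s\n", mode, hdr);
    return 0;
}
```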

