[bug #18366] NSCalendarDate: serious buffer overflow issues
From: Günther Noack
Subject: [bug #18366] NSCalendarDate: serious buffer overflow issues
Date: Fri, 24 Nov 2006 19:04:09 +0000
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
URL:
<http://savannah.gnu.org/bugs/?18366>
Summary: NSCalendarDate: serious buffer overflow issues
Project: GNUstep
Submitted by: guenthernoack
Submitted on: Friday 24/11/06 at 19:04
Category: Base/Foundation
Severity: 3 - Normal
Item Group: Bug
Status: None
Privacy: Private
Assigned to: None
Open/Closed: Open
_______________________________________________________
Details:
Hi!
NSCalendarDate's parsing method has some serious buffer overflow issues in
it.
When parsing timezone names, the timezone name from the source string is
copied into tmpStr, but tmpStr's bounds are unluckily not checked, which
allows overwriting different indexes and possibly the return pointer of the
function. At least the application will crash when you provide it with the
wrong strings.
The same problem also applies to the parsing of full month name, full weekday
name and possibly some other options.
It would be good if that could be fixed before the next release, since a
recent change to the timezone part of the switch statement made exploitation
much easier, and it would not be good to have that code in a stable release.
This bug is posted as a private bug and hopefully invisible to the outside
internet (and maybe to me, too).
-Guenther
PS: In one of the comments in the method, it is stated that the author didn't
know if there are locales where the abbreviated weekday names have less than
three characters. In German, they do. It's Mo, Di, Mi, Do, Fr, Sa, So.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?18366>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
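
The unchecked copy into tmpStr that the report describes, contrasted with a bounded copy. This is an added example, not part of the original message and not GNUstep's code; `TMP_LEN`, `copy_alpha_token` and `parse_zone_name` are hypothetical names, and the buffer size is an assumption because the report does not state it.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TMP_LEN 16  /* assumed size; the report does not give tmpStr's size */

/* Unchecked pattern of the kind the report describes (contrast only):
 *   while (isalpha((unsigned char)src[i])) tmpStr[n++] = src[i++];
 * A long run of letters in the input writes past the end of tmpStr. */

/* Copy one alphabetic token (timezone, month or weekday name) starting at
 * src[*pos] into dst. Returns the token length and advances *pos, or
 * returns -1 and leaves *pos unchanged if the token plus NUL does not fit. */
static int copy_alpha_token(const char *src, size_t src_len, size_t *pos,
                            char *dst, size_t dst_len)
{
    size_t i = *pos, n = 0;
    if (dst_len == 0) return -1;
    while (i < src_len && isalpha((unsigned char)src[i])) {
        if (n + 1 >= dst_len) {  /* no room for this char plus the NUL */
            dst[0] = '\0';
            return -1;           /* reject instead of truncating silently */
        }
        dst[n++] = src[i++];
    }
    dst[n] = '\0';
    *pos = i;
    return (int)n;
}

/* Hypothetical wrapper: parse a name at the start of input. */
static int parse_zone_name(const char *input, char *out, size_t out_len,
                           size_t *consumed)
{
    size_t pos = 0;
    int n = copy_alpha_token(input, strlen(input), &pos, out, out_len);
    *consumed = pos;
    return n;
}

int main(void)
{
    char tmpStr[TMP_LEN];
    size_t used;
    /* Constructed inputs: a normal name and an over-long run of letters. */
    printf("%d\n", parse_zone_name("CEST 2006", tmpStr, sizeof tmpStr, &used));
    printf("%d\n", parse_zone_name("AAAAAAAAAAAAAAAAAAAAAAAA", tmpStr, sizeof tmpStr, &used));
    return 0;
}
```

Because the token length is taken from the input rather than fixed, the same routine also accepts two-letter abbreviations such as the German weekday names mentioned in the PS.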