From: William Bader
Subject: Re: Buffer overflow in the StringQuotedWord() function
Date: Sat, 21 Dec 2019 11:59:47 +0000
Is anyone still maintaining lout?
I have attached patches that fix some graph issues and that add some features.
Is there a consensus on how to fix the two overflows that you reported?
The easiest way is probably truncating the buffer and showing a warning, but that might lose text.
Other places in lout might have the same buffer limit, so allocating and passing a larger buffer would take some analysis to ensure that it wouldn't cause a buffer overflow somewhere else.
Regards, William
From: Lout-users <lout-users-bounces+williambader=address@hidden> on behalf of Frederic Cambus <address@hidden>
Sent: Saturday, December 21, 2019 5:27 AM
To: address@hidden <address@hidden>
Subject: Re: Buffer overflow in the StringQuotedWord() function

On Fri, Dec 20, 2019 at 07:12:14PM +0100, Frederic Cambus wrote:
> While fuzzing lout 3.40 with Honggfuzz, I found a buffer overflow in
> the StringQuotedWord() function, in z39.c.

This issue has been assigned CVE-2019-19917.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19917
Attachment: lout-3.40.pat.gz
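
The "truncate and warn" option raised in the message above, as an added example that is not part of the original thread and is not lout's code. The function name `copy_quoted_word`, the 16-byte `WORD_BUF` limit and the backslash-escape handling are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define WORD_BUF 16 /* constructed limit for the demo, not lout's real buffer size */

/* Hypothetical helper: copy the body of a double-quoted word from src into
 * dst (capacity cap bytes), taking the byte after a backslash literally.
 * Never writes past dst; dst is always NUL-terminated when cap > 0.
 * Returns the number of characters that did not fit (0 = nothing lost). */
size_t copy_quoted_word(const char *src, char *dst, size_t cap)
{
    size_t out = 0, dropped = 0;

    if (cap == 0)
        return strlen(src);
    if (*src == '"')
        src++;                          /* skip the opening quote */
    while (*src != '\0' && *src != '"') {
        char c = *src++;
        if (c == '\\' && *src != '\0')  /* escaped character */
            c = *src++;
        if (out + 1 < cap)
            dst[out++] = c;             /* room left, keeping one byte for NUL */
        else
            dropped++;                  /* count the loss instead of overflowing */
    }
    dst[out] = '\0';
    return dropped;
}

int main(void)
{
    /* Constructed sample inputs: one that fits, one that does not. */
    const char *inputs[] = { "\"short\"",
                             "\"a \\\"quoted\\\" word that is far too long\"" };
    char buf[WORD_BUF];

    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        size_t lost = copy_quoted_word(inputs[i], buf, sizeof buf);
        if (lost)
            fprintf(stderr, "warning: word truncated, %zu characters dropped\n", lost);
        printf("[%s]\n", buf);
    }
    return 0;
}
```

The returned count makes the cost of this approach visible: the second input keeps its first 15 characters and silently loses the rest unless the caller reports it.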