
Bug#190937: marked as done (Unsafe use of asprintf () in anna)



Your message dated Sat, 17 May 2003 05:17:07 -0400
with message-id <E19GxoR-0002mP-00@auric.debian.org>
and subject line Bug#190937: fixed in anna 0.029
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Apr 2003 10:36:28 +0000
>From christianbiere@gmx.de Sun Apr 27 05:36:15 2003
Return-path: <christianbiere@gmx.de>
Received: from mail.gmx.net [213.165.64.20] 
	by master.debian.org with smtp (Exim 3.12 1 (Debian))
	id 199jVy-0005sn-00; Sun, 27 Apr 2003 05:36:10 -0500
Received: (qmail 6040 invoked by uid 65534); 27 Apr 2003 10:35:39 -0000
Received: from gtso-d9bb8156.pool.mediaWays.net (EHLO localhost) (217.187.129.86)
  by mail.gmx.net (mp019-rz3) with SMTP; 27 Apr 2003 12:35:39 +0200
Date: Sun, 27 Apr 2003 12:35:27 +0200
From: Christian Biere <christianbiere@gmx.de>
To: submit@bugs.debian.org
Subject: Unsafe use of asprintf () in anna
Message-Id: <20030427123527.21428e43.christianbiere@gmx.de>
X-Mailer: Sylpheed version 0.8.11 (GTK+ 1.2.10; i386--netbsdelf)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
 micalg="pgp-sha1"; boundary="b=.wdx5DfpOEPGq2"
Delivered-To: submit@bugs.debian.org
X-Spam-Status: No, hits=-12.9 required=4.0
	tests=BAYES_01,HAS_PACKAGE,PGP_SIGNATURE_2,SIGNATURE_SHORT_SPARSE
	autolearn=ham version=2.53
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53 (1.174.2.15-2003-03-30-exp)

--b=.wdx5DfpOEPGq2
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Package: anna
Version: 0.026, HEAD

This concerns the following files:

debian-installer/anna/anna.c
debian-installer/anna/util.c

AFAIK asprintf() in glibc doesn't guarantee to nullify the supplied first
pointer in case of failure. Thus, the pointer might point to anywhere.
Its value is simply undefined. The correct way is to check whether
asprintf() returns -1. Even if glibc was changed so that it nullifies
the pointer, I somehow doubt it's a good idea simply passing it to
various functions. 

(I don't use Debian, so this report might be incomplete.)

-- 
Christian

--b=.wdx5DfpOEPGq2
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (NetBSD)

iD8DBQE+q7J60KQix3oyIMcRAtRWAJ9cR46lrM5j4NdutpomrtnjaKdDrACfadKs
2o+eR92HcC6TGydFFWGPdHg=
=/pPr
-----END PGP SIGNATURE-----

--b=.wdx5DfpOEPGq2--
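
The check the report above asks for, as an added example that is not part of the original report and is not anna's code: a wrapper that acts on the return value of the formatter and never lets the undefined pointer reach a caller. The names checked_asprintf, make_path, formatter and failing_vasprintf are hypothetical, and the failing stub and sample path are constructed to exercise the error path.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* asprintf()/vasprintf() are GNU/BSD extensions */
#endif
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Same prototype as in <stdio.h>, repeated so this builds even when
 * _GNU_SOURCE is defined after another header was already included. */
int vasprintf(char **strp, const char *fmt, va_list ap);

typedef int (*vasprintf_fn)(char **, const char *, va_list);
static vasprintf_fn formatter = vasprintf;   /* hypothetical test hook */

/* Constructed stub: fails and leaves a non-heap pointer behind, modelling
 * the "its value is simply undefined" case from the report. */
int failing_vasprintf(char **strp, const char *fmt, va_list ap) {
    static char junk[] = "not heap memory";
    (void)fmt; (void)ap;
    *strp = junk;
    return -1;
}

/* Hypothetical wrapper: returns the length, or -1 with *out set to NULL. */
int checked_asprintf(char **out, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = formatter(out, fmt, ap);
    va_end(ap);
    if (n < 0)
        *out = NULL;   /* never pass the undefined pointer on */
    return n;
}

/* Caller pattern: decide on the return value, not on the pointer. */
char *make_path(const char *dir, const char *file) {
    char *path;
    if (checked_asprintf(&path, "%s/%s", dir, file) == -1)
        return NULL;
    return path;       /* caller frees */
}

int main(void) {
    char *p = make_path("/tmp", "example.udeb");   /* constructed input */
    if (p == NULL)
        return 1;
    puts(p);
    free(p);
    return 0;
}
```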

---------------------------------------
Received: (at 190937-close) by bugs.debian.org; 17 May 2003 09:24:22 +0000
>From katie@auric.debian.org Sat May 17 04:24:21 2003
Return-path: <katie@auric.debian.org>
Received: from auric.debian.org [206.246.226.45] (mail)
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 19GxvR-0006ML-00; Sat, 17 May 2003 04:24:21 -0500
Received: from katie by auric.debian.org with local (Exim 3.35 1 (Debian))
	id 19GxoR-0002mP-00; Sat, 17 May 2003 05:17:07 -0400
From: Martin Sjogren <sjogren@debian.org>
To: 190937-close@bugs.debian.org
X-Katie: $Revision: 1.34 $
Subject: Bug#190937: fixed in anna 0.029
Message-Id: <E19GxoR-0002mP-00@auric.debian.org>
Sender: Archive Administrator <katie@auric.debian.org>
Date: Sat, 17 May 2003 05:17:07 -0400
Delivered-To: 190937-close@bugs.debian.org

We believe that the bug you reported is fixed in the latest version of
anna, which is due to be installed in the Debian FTP archive:

anna_0.029.dsc
  to pool/main/a/anna/anna_0.029.dsc
anna_0.029.tar.gz
  to pool/main/a/anna/anna_0.029.tar.gz
anna_0.029_i386.udeb
  to pool/main/a/anna/anna_0.029_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 190937@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin Sjogren <sjogren@debian.org> (supplier of updated anna package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 17 May 2003 10:44:32 +0200
Source: anna
Binary: anna
Architecture: source i386
Version: 0.029
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Martin Sjogren <sjogren@debian.org>
Description: 
 anna       - Load installer modules (udeb)
Closes: 190937
Changes: 
 anna (0.029) unstable; urgency=low
 .
   * Martin Sjögren
     - Add error handling for the asprintf calls, based on a patch from
       David Nusinow. (Closes: #190937)
     - Rebuild with libdebconfclient.
     - Use new progress bar API.
   * Thorsten Sauter
     - Include german translation (de.po)
   * André Luís Lopes :
     - Spellchecking and some minor cosmetic fixes for pt_BR
       debconf template translation.
Files: 
 4339791fdd936a7b2d2c2e9a9e1984b5 688 debian-installer standard anna_0.029.dsc
 fb6e4e09da6978c9e960daf28d682609 20429 debian-installer standard anna_0.029.tar.gz
 a6070b51609152a92498a925edb4de2e 10202 debian-installer standard anna_0.029_i386.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+xfvWGpBPiZwE9FYRAj7mAJ9n2X07Gn9b8qSqoG7U2wm5OhbGdgCdFQpQ
lpZbvKSmXeHraAGn86PTeGI=
=/IkX
-----END PGP SIGNATURE-----


