Re: CVE-2019-14866

To: "Ola Lundqvist" <ola@inguza.com>
Cc: "Ola Lundqvist" <ola@inguza.com>, "Thomas Habets" <thomas@habets.se>, <cpio@packages.debian.org>, <941412@bugs.debian.org>, "Debian LTS" <debian-lts@lists.debian.org>, "Debian Extended LTS contributors" <extended-lts-team@freexian.com>
Subject: Re: CVE-2019-14866
From: Sergey Poznyakoff <gray@gnu.org.ua>
Date: Mon, 04 Nov 2019 22:25:12 +0200
Message-id: <[🔎] 20191104222512.1680@ulysses.gnu.org.ua>
In-reply-to: Your message of Mon, 4 Nov 2019 17:32:06 +0100 <[🔎] CABY6=0mwKk+X8rE5pQkEf22S=u9pFz=NnSqcVk2pXwtXg6CJ4g@mail.gmail.com>
References: <[🔎] CABY6=0kCsyE6JirONW4ZovBf860tT9=YKugR47V9gaJbGJZEcQ@mail.gmail.com> <[🔎] 20191104163347.26596@ulysses.gnu.org.ua> <[🔎] CABY6=0mwKk+X8rE5pQkEf22S=u9pFz=NnSqcVk2pXwtXg6CJ4g@mail.gmail.com>

Hi Ola,

> Hi Sergey
> 
> I can see that the fix is quite different from the one Thomas proposed. Do
> I understand correctly that this fix go around the problem in a different
> way?

Not quite so.  It takes basically the same approach as the fix Thomas
proposed, but also removes unnecessary code duplication and ensures
informative error diagnostics.

> I do not see any explicit value > 0 check.

See the return from the to_ascii function.

> it looks like the fix allows larger file sizes

No, of course all size limits remain the same,

Regards,
Sergey

Reply to:

Follow-Ups:
- Re: CVE-2019-14866
  - From: Ola Lundqvist <ola@inguza.com>

References:
- CVE-2019-14866
  - From: Ola Lundqvist <ola@inguza.com>
- Re: CVE-2019-14866
  - From: Sergey Poznyakoff <gray@gnu.org.ua>
- Re: CVE-2019-14866
  - From: Ola Lundqvist <ola@inguza.com>

Prev by Date: Re: CVE-2019-14866
Next by Date: Re: CVE-2019-14866
Previous by thread: Re: CVE-2019-14866
Next by thread: Re: CVE-2019-14866
Index(es):
- Date
- Thread