
Bug#987959: marked as done (pev: peres affected by off-by-one error in libpe)



Your message dated Wed, 05 May 2021 12:33:36 +0000
with message-id <E1leGie-0000lj-Ly@fasolo.debian.org>
and subject line Bug#987959: fixed in pev 0.81-3
has caused the Debian Bug report #987959,
regarding pev: peres affected by off-by-one error in libpe
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
987959: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987959
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: pev
Version: 0.81-2
Severity: grave
Tags: patch security
Justification: user security hole
X-Debbugs-Cc: benoit.sevens@gmail.com, Debian Security Team <team@security.debian.org>

Dear Maintainer,

libpe has an off-by-one error which is fixed upstream. libpe is included in the pev package. peres calls functions within libpe. Running peres on certain files triggers the off-by-one error. Applying the patch fixes the issue.

-- System Information:
Debian Release: rodete
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.26-1rodete1-amd64 (SMP w/6 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pev depends on:
ii  libc6      2.31-11
ii  libssl1.1  1.1.1k-1

pev recommends no packages.

pev suggests no packages.

-- no debconf information
>From 5737a97c57be175333fc0c6f51bb2cdd7101c17e Mon Sep 17 00:00:00 2001
From: Jardel Weyrich <jweyrich@gmail.com>
Date: Mon, 18 Jan 2021 22:03:49 -0300
Subject: [PATCH] utils: Fix off-by-one error in pe_utils_str_widechar2ascii.

---
 utils.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils.c b/utils.c
index bd2da84..f05ba67 100644
--- a/utils.c
+++ b/utils.c
@@ -132,7 +132,7 @@ char *pe_utils_str_array_join(char *strings[], size_t count, char delimiter) {
 
 void pe_utils_str_widechar2ascii(char *output, const char *widechar, size_t length) {
 	// quick & dirty UFT16 to ASCII conversion
-	for (size_t p = 0; p <= length; p++) {
+	for (size_t p = 0; p < length; p++) {
 		memcpy(output + p, (uint16_t *)(widechar) + p, 1);
 	}
 }
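
Review bot: The `for` line now stops at `p < length`, but the function still cannot check how large `output` is and writes no terminator, so each caller has to supply at least `length` bytes and terminate the string itself. State that contract in a comment above `pe_utils_str_widechar2ascii`, or pass the destination capacity as a parameter and clamp the loop to it. If `length` counts 16-bit units, the old `<=` bound also read one unit past the end of `widechar` in addition to writing `output[length]`, and the commit message could say so. On the `memcpy` line the cast `(uint16_t *)(widechar)` discards `const`; `(const uint16_t *)` keeps it. Only the first byte of each 16-bit unit is copied, so non-ASCII characters are silently altered, which deserves a note next to the "quick & dirty" comment. That comment also reads "UFT16" where "UTF16" is meant.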

--- End Message ---
--- Begin Message ---
Source: pev
Source-Version: 0.81-3
Done: Petter Reinholdtsen <pere@debian.org>

We believe that the bug you reported is fixed in the latest version of
pev, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 987959@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated pev package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 05 May 2021 14:09:18 +0200
Source: pev
Architecture: source
Version: 0.81-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Closes: 987959
Changes:
 pev (0.81-3) unstable; urgency=medium
 .
   * QA upload.
   * Avoid off-by-one error in libpe pe_utils_str_widechar2ascii()
     (Closes: #987959)
   * Extended autopkgtest to report if the Windows EXE file is missing.

--- End Message ---
