
t1lib security flaw: CVE-2007-4033/#439927



forwarded 439927 rainer.menzner@web.de
tag 439927 patch confirmed upstream
severity 439927 serious
found 439927 5.1.0-2
thanks

Hi,
The t1lib 5.1.0 available in Debian (etch as well as lenny and sid[1]) is
vulnerable to the CVE-2007-4033 security flaw.
Upstream version 5.1.1 is vulnerable too. Upstream has been informed
about the issue.

I attached a patch solving the issue.

Best regards
	Artur

[1] sarge probably too, I didn't check it.
-- 
Why should we talk to each other, when it is so easy to communicate?
						/Jean Baudrillard/
--- t1env.c.orig	2007-09-16 19:56:38.319184208 +0200
+++ t1env.c	2007-09-16 20:05:02.057070439 +0200
@@ -611,6 +611,12 @@
 #endif 
     strcat( pathbuf, DIRECTORY_SEP);
     /* And finally the filename: */
+    /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf
+       let's try next pathbuf */
+    if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) {
+	i++;
+    	continue;
+    }
     strcat( pathbuf, StrippedName);
     
     /* Check for existence of the path: */
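
Review bot: The new length test sits after `strcat( pathbuf, DIRECTORY_SEP);`, so only the final `strcat( pathbuf, StrippedName);` is guarded; the separator append at the top of this hunk, and whatever filled pathbuf before it, can still run past the buffer before the check is reached. Consider doing the test before the separator is appended and including strlen(DIRECTORY_SEP) in the sum, or building the whole path with a bounded call such as snprintf and checking its return value. `sizeof(pathbuf)` gives the buffer size only if pathbuf is declared as an array in this scope, which these lines do not show, so that is worth confirming, as is whether `i++; continue;` matches how the enclosing loop advances i. Minor: the comment should say NUL rather than NULL, and the `i++;` and `continue;` lines mix tabs and spaces.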
