[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#183312: xbase-clients: Buffer overflow in "xman"

On Tue, Mar 04, 2003 at 08:28:27AM -0600, Colin Watson wrote:
> On Mon, Mar 03, 2003 at 07:45:03PM -0500, Branden Robinson wrote:
> > FYI, I cannot reproduce this problem on PowerPC:
> > 
> > [0] branden@redwald:~ % perl -we'$a = "a" x 8192; `MANPATH=$a xman`'
> > Xman Error: No manual pages found.
> > [0] branden@redwald:~ % perl -we'$a = "a" x 8193; `MANPATH=$a xman`'
> > Xman Error: No manual pages found.
> > [0] branden@redwald:~ % perl -we'$a = "a" x 8194; `MANPATH=$a xman`'
> > [0] branden@redwald:~ % uname -a
> > Linux redwald 2.4.19-powerpc #1 Mon Sep 9 09:01:43 EDT 2002 ppc unknown unknown GNU/Linux
> 
> I can't reproduce it with the recipe above, but that's just because
> nothing is printing the error message: it does still segfault. Try this
> instead, which reproduces it here on i386 with xbase-clients 4.2.1-5:
> 
>   [colinw@eurydice ~]$ MANPATH=`perl -we'print "a" x 8192'` xman
>   Xman Error: No manual pages found.
>   [colinw@eurydice ~]$ MANPATH=`perl -we'print "a" x 8193'` xman
>   Segmentation fault

I'm working on a patch for this. The xman code is riddled with static
buffers.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: