Bug#364513: apt: Buffer overflow in pkgDPkgPM::Go.
On Mon, Apr 24, 2006 at 12:29:10AM +0200, Martin Dickopp wrote:
> Package: apt
> Version: 0.6.43.3
> Severity: normal
> Tags: patch
[..]
Thanks for your bug report and your patch. I have applied it to my bzr
branch and it will be part of the next upload.
Cheers,
Michael
> -- System Information:
> Debian Release: testing/unstable
> APT prefers testing
> APT policy: (500, 'testing'), (200, 'unstable')
> Architecture: amd64 (x86_64)
> Shell: /bin/sh linked to /bin/dash
> Kernel: Linux 2.6.16-1-amd64-k8
> Locale: LANG=C, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
>
> Versions of packages apt depends on:
> ii libc6 2.3.6-7 GNU C Library: Shared libraries
> ii libgcc1 1:4.1.0-1 GCC support library
> ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3
>
> Versions of packages apt recommends:
> ii debian-archive-keyring 2006.01.18 GnuPG archive keys of the Debian a
>
> -- no debconf information
> --- apt-pkg/deb/dpkgpm.cc~ 2005-10-19 21:19:08.000000000 +0200
> +++ apt-pkg/deb/dpkgpm.cc 2006-04-24 00:09:46.000000000 +0200
> @@ -623,8 +623,8 @@
> 'status: conffile-prompt: conffile : 'current-conffile' 'new-conffile' useredited distedited
>
> */
> - char* list[4];
> - TokSplitString(':', line, list, 5);
> + char* list[5];
> + TokSplitString(':', line, list, sizeof(list)/sizeof(list[0]));
> char *pkg = list[1];
> char *action = _strstrip(list[2]);
>
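Review bot: After the added `TokSplitString(':', line, list, sizeof(list)/sizeof(list[0]));` line nothing checks how many fields the split actually produced, yet `list[1]` and `list[2]` are read immediately afterwards. Deriving the count from the array removes the mismatch between the declared size and the limit passed in, but `char* list[5];` is still uninitialised, so a status line with fewer than three colon-separated fields could leave `pkg` and `action` pointing at entries the split never wrote. I would zero-initialise the array (`char* list[5] = {0};`) and skip the line when `list[1]` or `list[2]` is NULL before `_strstrip` is called.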
--
Linux is not The Answer. Yes is the answer. Linux is The Question. - Neo