Bug 112765 - 1.0.13 buffer overflow
Status: RESOLVED FIXED
Product: libgtop
Classification: Core
Component: general
Version: 1.0.13
Hardware: Other Linux
Importance: Urgent blocker
Target Milestone: ---
Assigned To: Unknown User
Reported: 2003-05-11 11:17 UTC by Noèl Köthe
Modified: 2004-12-22 21:47 UTC
GNOME target: ---
GNOME version: ---



Description Noèl Köthe 2003-05-11 11:17:18 UTC
Hello,

the latest 1.0 libgtop version is still distributed with a remote buffer
overflow. See http://www.de.debian.org/security/2003/dsa-301

Here is the fixing patch:

--- libgtop-1.0.6.orig/src/daemon/gnuserv.c
+++ libgtop-1.0.6/src/daemon/gnuserv.c
@@ -199,6 +199,11 @@
            return FALSE;
 
        auth_data_len = atoi (buf);
+
+       if (auth_data_len < 1 || auth_data_len > sizeof(buf)) {
+           syslog_message(LOG_WARNING, "Invalid data length supplied by
client");
+           return FALSE;
+       }
 
        if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) !=
auth_data_len)
            return FALSE;
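Review bot: the upper bound in the added check, `auth_data_len > sizeof(buf)`, still accepts a length equal to `sizeof(buf)`, so the `timed_read` that follows can fill the buffer completely and leave no room for a terminating NUL; if the code after this hunk treats `buf` as a string, tighten the test to `auth_data_len >= sizeof(buf)`. The check is also only correct if `buf` is an array in this scope (its declaration is not in the hunk), since `sizeof` on a pointer would give the pointer size rather than the buffer size. Separately, `atoi` on the context line above reports no error for non-numeric or out-of-range input, so rejection currently depends on the `< 1` test; `strtol` with an end-pointer and an explicit range check would make that validation deliberate.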
Comment 1 Andrew Sobala 2003-05-11 12:43:00 UTC
Looks like this is applicable to libgtop-2.0 as well (the code is
still there).
Comment 2 Andrew Sobala 2003-05-19 15:57:02 UTC
Fixed in the latest libgtop 2.0 tarball; leaving open and assigning to
self for a 1.0.x update (I just need to get some build stuff fixed
before I can make it).
Comment 3 Kjartan Maraas 2003-06-10 17:32:23 UTC
Andrew, was the 1.0.14 package ever released?
Comment 4 Andrew Sobala 2003-06-10 19:35:12 UTC
Not yet. It's tagged in CVS, but needs a small amount of auto* hackery
to build, and I haven't had time to do that yet. (If you want to have
a go, you can ;)
Comment 5 Andrew Sobala 2003-06-10 19:35:35 UTC
Thanks for reminding me, though
Comment 6 Andrew Sobala 2003-09-29 14:42:57 UTC
I am never going to get round to doing another release. Reassigning to 
default.
Comment 7 Bastien Nocera 2003-10-20 19:50:39 UTC
libgtop 1.0 is dead, fix is already in current GNOME 2 packages.