GNOME Bugzilla – Bug 112765
1.0.13 buffer overflow
Last modified: 2004-12-22 21:47:04 UTC
Hello, the latest 1.0 libgtop version is still distributed with a remote buffer overflow. See http://www.de.debian.org/security/2003/dsa-301 Here is the fixing patch: --- libgtop-1.0.6.orig/src/daemon/gnuserv.c +++ libgtop-1.0.6/src/daemon/gnuserv.c @@ -199,6 +199,11 @@ return FALSE; auth_data_len = atoi (buf); + + if (auth_data_len < 1 || auth_data_len > sizeof(buf)) { + syslog_message(LOG_WARNING, "Invalid data length supplied by client"); + return FALSE; + } if (timed_read (fd, buf, auth_data_len, AUTH_TIMEOUT, 0) != auth_data_len) return FALSE;
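Review bot: the upper bound in the added check, `auth_data_len > sizeof(buf)`, still accepts a length equal to the whole buffer, so the timed_read that follows can fill buf completely and leave no room for a terminating NUL. If buf is handled as a string after this point (not visible in the hunk), the test should be `auth_data_len >= sizeof(buf)`. The check also depends on buf being an array declared in this scope, since sizeof on a pointer would give the pointer size rather than the buffer size; the declaration is outside the hunk and worth confirming. The order of the two conditions should stay as it is: a non-numeric length comes back from atoi as 0 and a negative one is rejected by `< 1` before the signed value is compared against the unsigned sizeof result. Including the rejected length in the syslog message would make the warning easier to triage.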
Looks like this is applicable to libgtop-2.0 as well (the code is still there).
Fixed in the latest libgtop 2.0 tarball; leaving open and assigning to self for a 1.0.x update (I just need to get some build stuff fixed before I can make it).
Andrew, was the 1.0.14 package ever released?
Not yet. It's tagged in CVS, but needs a small amount of auto* hackery to build, and I haven't had time to do that yet. (If you want to have a go, you can ;)
Thanks for reminding me, though.
I am never going to get round to doing another release. Reassigning to default.
libgtop 1.0 is dead; the fix is already in current GNOME 2 packages.