savannah.gnu.org Open in urlscan Pro
2001:470:142::72  Public Scan

Form analysis
1 forms found in the DOM

GET /search/#options

<form action="/search/#options" method="get">
  <input type="text" title="Terms to look for" size="15" name="words" value="">
  <br> in <select title="Area to search in" name="type_of_search">
    <option value="soft" selected="selected">Projects</option>
    <option value="people">People</option>
    <option value="support"><!-- Search... in -->Support</option>
    <option value="bugs"><!-- Search... in -->Bugs</option>
    <option value="task"><!-- Search... in -->Tasks</option>
    <option value="patch"><!-- Search... in -->Patches</option>
  </select>
  <br> &nbsp;&nbsp;&nbsp;<input type="submit" name="Search" value="Search">&nbsp; <input type="hidden" name="exact" value="1">
</form>

Text Content

 * 
   
 * Not Logged in
   
 * Login
   
 * New User
   
 * This Page
   
 * Language
   
 * Clean Reload
   
 * Printer Version
   
 * Search
   
 * 
   in Projects People Support Bugs Tasks Patches
       
   
 * Hosted Projects
   
 * Hosting requirements
   
 * Register New Project
   
 * Full List
   
 * Contributors Wanted
   
 * Statistics
   
 * Site Help
   
 * User Docs: FAQ
   
 * User Docs: In Depth Guide
   
 * Get Support
   
 * Contact Savannah
   
 * GNU Project
   
 * Help GNU
   
 * All GNU Packages
   
 * Dev Resources
   
 * License List
   
 * GNU Mirrors
   
 * 
   Help us protect your freedom and the rights of computer users everywhere by
   becoming a member of the FSF.
   Join Now!
 * Free Software Foundation
   
 * Coming Events
   
 * Free Software Directory
   
 * Cryptographic software legal notice
   
 * Copyright infringement notification
   
 * Related Forges
   
 * Savannah Non-GNU
   
 * Puszcza
   


GNU TAR - PATCHES: PATCH #10307, FIX SAVANNAH BUG #62387

Group
 * Main
   * Main
   * View members
   * Search
   
 * Homepage
   
 * Download
   
 * Support
   * Submit new
   * Browse
   * Reset to open
   * Digest
   * Export
   * Get statistics
   * Search
   
 * Mailing lists
   
 * Source code
   * Use Git
   * Browse Sources Repository
   
 * Bugs
   * Submit new
   * Browse
   * Reset to open
   * Digest
   * Export
   * Get statistics
   * Search
   
 * Tasks
   * Submit new
   * Browse
   * Reset to open
   * Digest
   * Export
   * Get statistics
   * Search
   
 * Patches
   * Submit new
   * Browse
   * Reset to open
   * Digest
   * Export
   * Get statistics
   * Search
   
 * News
   * Browse
   * Atom feed
   * Submit
   * Manage
   

 
 

You are not allowed to post comments on this tracker with your current
authentication level.


PATCH #10307: FIX SAVANNAH BUG #62387

Submitter:  Matej Mužila <mmuzila> Submitted:  Wed 11 Jan 2023 08:58:25 AM UTC  
Category:  None Priority:  5 - Normal Status:  None Privacy:  Public Assigned
to:  None Open/Closed:  Open


(-)DISCUSSION(+)DISCUSSION DISCUSSION

Wed 11 Jan 2023 08:58:25 AM UTC, original submission:  

 * src/list.c (from_header): Check for the end of field after leading byte (0x80
   or 0xff) of base-256 encoded header value.

If the 12 byte long mtime header field is set to a value consisting of 11
whitespaces (or '\0' and 10 whitespaces)
followed by 0xff or 0x80 byte, heap buffer overflow occurs.


In the base-256 decoding routine, the where pointer gets incremented after
reading the leading byte (0x80 or 0xff),
but no check for the end of the field is done before further reading. This may
lead to out-of-bounds read and a jump
depending on unitialised value. In this case the existing check does not kick
in, because the
where is already > lim.


Patch fixing this problem is attached.


Matej Mužila <mmuzila>

 


(-)ATTACHED FILES(+)ATTACHED FILES ATTACHED FILES

(Note: upload size limit is set to 16384 kB, after insertion of the required
escape characters.)



Attached Files
file #54212:  Fix-savannah-bug-62387.patch added by mmuzila (986B -
text/x-patch)



 


(-)DEPENDENCIES(+)DEPENDENCIES DEPENDENCIES

Depends on the following items: None found

Items that depend on this one: None found

 


(-)MAIL NOTIFICATION CARBON-COPY LIST(+)MAIL NOTIFICATION CARBON-COPY LIST MAIL
NOTIFICATION CARBON-COPY LIST

Carbon-Copy List
-email is unavailable- added by mmuzila (Submitted the item)

 


(-)VOTES(+)VOTES VOTES

There are 0 votes so far. Votes easily highlight which items people would like
to see resolved in priority, independently of the priority of the item set by
tracker managers.

 

 

 


(-)HISTORY(+)HISTORY HISTORY

Follows 1 latest change.

Date Changed by Updated Field Previous Value => Replaced by 2023-01-11 mmuzila
Attached File- Added Fix-savannah-bug-62387.patch, #54212



Copyright © 2023  Free Software Foundation, Inc.
Verbatim copying and distribution of this entire article is permitted in any
medium, provided this notice is preserved.
The Levitating, Meditating, Flute-playing Gnu logo is a GNU GPL'ed image
provided by the Nevrax Design Team.
Source Code

Powered by Savane 3.10