[Bug 1513] New: Security fix for yet another nasm buffer overflow.

blfs-bugs at linuxfromscratch.org
Mon Aug 8 14:46:03 PDT 2005


http://blfs-bugs.linuxfromscratch.org/show_bug.cgi?id=1513

           Summary: Security fix for yet another nasm buffer overflow.
           Product: Beyond LinuxFromScratch
           Version: b-6.1-pre1
          Platform: PC
               URL: http://cvs.sourceforge.net/viewcvs.py/nasm/nasm/output/
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: BOOK
        AssignedTo: blfs-book at linuxfromscratch.org
        ReportedBy: ken at kenmoffat.uklinux.net
         QAContact: blfs-book at linuxfromscratch.org


Nasm-0.98.39 fixed the CAN-2004-1287 buffer overflow.  The following patch taken
from CVS addresses CAN-2005-1194.  Vulnerability is probably low.

I've just submitted this with the proper headers to patches as
nasm-0.98.39-security_fix-1.patch. Ken

--- nasm-0.98.39/output/outieee.c.orig  2005-01-15 22:16:08.000000000 +0000
+++ nasm-0.98.39/output/outieee.c       2005-08-08 22:12:46.000000000 +0100
@@ -1120,7 +1120,7 @@
     va_list ap;

     va_start(ap, format);
-    vsprintf(buffer, format, ap);
+    vsnprintf(buffer, sizeof(buffer), format, ap);
     l = strlen(buffer);
     for (i = 0; i < l; i++)
         if ((buffer[i] & 0xff) > 31)
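
Review bot: the sizeof(buffer) bound on the new vsnprintf line is only correct if buffer is an array declared in this function, and that declaration is outside the visible context. If buffer is a pointer or a parameter, sizeof yields the pointer size and the output is cut to a few bytes, so please confirm the declaration or pass the real capacity explicitly. The return value of vsnprintf is also discarded, so over-long output is truncated silently and the strlen loop below then processes the shortened string; comparing the return value against sizeof(buffer) and reporting an error would make the truncation visible rather than producing a quietly altered record.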


