113647 2005-11-26 11:45 0000 www-misc/gurlchecker Possible overflows 2005-12-21 19:25:39 0000 1 1 1 Unclassified Gentoo Security Auditing unspecified All All RESOLVED FIXED http://labs.libre-entreprise.org/forum/forum.php?forum_id=429 P2 normal --- 1 castan.o@free.fr leonardop@gentoo.org castan.o@free.fr 2005-11-26 11:45:02 0000 I've built gurlchecker on Gentoo ppc and x86. Receiving segfaults after a while on both arch I used valgrind. I found a few bugs in gurlchecker-0.8.2, reported to the maintainer with a patch : - with g_memdup in uc_check_link_get_properties_proto_http (off by one string copy leading to consecutive read overflows) - with htmlFreeParserCtxt in uc_html_parser_get_tags (read and write access to free'd zone) - with memcpy in uc_utils_string_cut (potential read overflow) and write overflow with strncat The last overflow can be triggered with a link url of the right size, but the write content can't be controled. Looks like the problem is limited to remote DoS but not remote execution. Reproducible: Always Steps to Reproduce: jaervosz@gentoo.org 2005-11-26 12:01:45 0000 Auditors please adivse (And reassign to maintainer if this is just a simple crash and not exploitable) taviso@gentoo.org 2005-12-18 12:37:59 0000 Yes, clearly some bugs there, but looks like no security impact, reassigning to maintainer. leonardop@gentoo.org 2005-12-21 19:25:39 0000 I've committed gurlchecker-0.8.3 to the tree, which includes these bug fixes. Since no real security problems have been identified, it won't be pushed to stable too soon. Thanks for the report.