Bug 113647 - www-misc/gurlchecker Possible overflows
Summary: www-misc/gurlchecker Possible overflows
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing (show other bugs)
Hardware: All All
Importance: High normal
Assignee: Leonardo Boshell (RETIRED)
URL: http://labs.libre-entreprise.org/foru...
Whiteboard:
Keywords:
Depends on:
Blocks:
Reported: 2005-11-26 11:45 UTC by Olivier Castan
Modified: 2005-12-21 19:25 UTC

See Also:
Package list:
Runtime testing required: ---
Description Olivier Castan 2005-11-26 11:45:02 UTC
I've built gurlchecker on Gentoo ppc and x86. Receiving segfaults after a while
on both archs, I used valgrind.
I found a few bugs in gurlchecker-0.8.2, reported to the maintainer with a patch:
- with g_memdup in uc_check_link_get_properties_proto_http (off-by-one string
copy leading to consecutive read overflows)
- with htmlFreeParserCtxt in uc_html_parser_get_tags (read and write access to
a freed zone)
- with memcpy in uc_utils_string_cut (potential read overflow) and write
overflow with strncat

The last overflow can be triggered with a link URL of the right size, but the
written content can't be controlled. Looks like the problem is limited to remote
DoS but not remote execution.

Reproducible: Always
Steps to Reproduce:
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-11-26 12:01:45 UTC
Auditors please advise (and reassign to maintainer if this is just a simple
crash and not exploitable).
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2005-12-18 12:37:59 UTC
Yes, clearly some bugs there, but looks like no security impact, reassigning to maintainer.
Comment 3 Leonardo Boshell (RETIRED) gentoo-dev 2005-12-21 19:25:39 UTC
I've committed gurlchecker-0.8.3 to the tree, which includes these bug fixes. Since no real security problems have been identified, it won't be pushed to stable too soon.

Thanks for the report.