Bug 145820 - possible crash in dev-libs/libxml2
Summary: possible crash in dev-libs/libxml2
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Linux Gnome Desktop Team
URL: http://bugzilla.gnome.org/show_bug.cg...
Reported: 2006-09-01 02:28 UTC by Tavis Ormandy (RETIRED)
Modified: 2007-01-09 07:46 UTC (History)
Description Tavis Ormandy (RETIRED) gentoo-dev 2006-09-01 02:28:26 UTC
This case from xmlSchemaGetCanonValue() mismatches snprintf length restriction
and buffer size.

        case XML_SCHEMAS_GMONTH: {
                /* TODO: Unclear in XML Schema 1.0 */
                /* TODO: What to do with the timezone? */
                *retValue = xmlMalloc(5);
                snprintf((char *) *retValue, 6, "--%02u",
                    val->value.date.mon);
            }
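As an added example (not libxml2 code and not part of the original report), the same gMonth canonical-value formatter written so that the snprintf bound is derived from the allocation rather than hard-coded separately; function names and the range check are assumptions. It also shows why the one-byte mismatch only matters once the month value is out of range.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes a canonical gMonth "--MM" needs including the NUL, with no
 * range check: for a valid month this is 5, for e.g. 123 it is 6,
 * which is exactly the case where a 5-byte buffer with an snprintf
 * bound of 6 is written one byte past its end. */
size_t gmonth_canon_bytes_unchecked(unsigned mon) {
    return (size_t) snprintf(NULL, 0, "--%02u", mon) + 1;
}

/* Same, but 0 for anything that is not a month 1..12. */
size_t gmonth_canon_size(unsigned mon) {
    if (mon < 1 || mon > 12)
        return 0;
    return gmonth_canon_bytes_unchecked(mon);
}

/* Hardened formatter: allocate exactly what snprintf is allowed to
 * write, and pass that one size to both calls. Caller frees. */
char *gmonth_canon_value(unsigned mon) {
    size_t need = gmonth_canon_size(mon);
    if (need == 0)
        return NULL;                    /* reject out-of-range input */
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    int n = snprintf(buf, need, "--%02u", mon);
    if (n < 0 || (size_t) n >= need) {  /* truncated or error: do not return a partial value */
        free(buf);
        return NULL;
    }
    return buf;
}

/* Review helper for the pattern in the report: the size handed to
 * snprintf must never exceed the allocation it writes into. */
int snprintf_bound_is_safe(size_t alloc_size, size_t snprintf_size) {
    return snprintf_size <= alloc_size;
}
```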
Comment 1 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-09-01 02:40:13 UTC
Could cause arbitrary code execution in some twisted universe on some strange compiler. Otherwise, possible crash (DoS).

gnome, please provide fixed ebuilds.

Whiteboard: A2/A3
Comment 2 Harlan Lieberman-Berg (RETIRED) gentoo-dev 2006-09-01 02:40:35 UTC
Could cause arbitrary code execution in some twisted universe on some strange compiler. Otherwise, possible crash (DoS).

gnome, please provide fixed ebuilds.

Whiteboard: A2/A3 [ebuild] hlieberman
Comment 3 Leonardo Boshell (RETIRED) gentoo-dev 2006-12-13 17:55:31 UTC
libxml2-2.6.27 includes a fix for this. I'm not sure if the security team has further plans regarding this problem. If not, please feel free to close.
Comment 4 Mart Raudsepp gentoo-dev 2007-01-09 07:46:55 UTC
security@ seems to never have been CC'ed, it seems.
Closing as fixed as almost a month has passed without anyone raising any concerns.