Bug 18992 - bug in xtrlock
Summary: bug in xtrlock
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All All
Importance: High major
Assignee: Alastair Tse (RETIRED)
Duplicates: 78381
Reported: 2003-04-08 14:12 UTC by Srakyi
Modified: 2005-01-24 05:41 UTC

Description Srakyi 2003-04-08 14:12:33 UTC
Package: xtrlock
Version: 2.0

When the screen is locked and you write a "bit more" characters (e.g. by holding some key for about 2 minutes) and press Enter after that, xtrlock crashes, hence the screen is now unlocked.

I think the problem is in rlen, which is increased on any keypress, and after LF a 0 is written to rbuf[rlen]. But rlen can be a really large number at this moment, and rbuf[rlen] can point to a part of memory we don't have access to ..

The following patch should fix the bug:
####BEGINNING OF THE PATCH####
--- xtrlock.c       1997-10-22 12:32:28.000000000 +0200
+++ xtrlock.c   2003-04-08 19:41:12.000000000 +0200
@@ -14,6 +14,9 @@
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
+ *
+ * .. overflow bug patched by srakyi (http://srakyi.modry.cz) - no warranty
+ *
  */

 #include <X11/X.h>
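Review bot: The attribution line added inside the license comment says only "overflow bug patched" without naming the variable or code path, and it sits in the middle of the GPL notice. Consider moving it to a changelog or the commit message and stating there that the change bounds rlen against sizeof(rbuf).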
@@ -191,8 +194,10 @@
         break;
       default:
         if (clen != 1) break;
-        if (rlen < sizeof(rbuf)) rbuf[rlen]= cbuf[0];
-        rlen++;
+        if (rlen < sizeof(rbuf)) {
+         rbuf[rlen]= cbuf[0];
+          rlen++;
+         }
         break;
       }
       break;
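Review bot: In the default case, the new check "rlen < sizeof(rbuf)" still lets rlen reach sizeof(rbuf) once the buffer is full, and the report says the Enter path then stores 0 at rbuf[rlen], which would be one byte past the end. That store is outside this hunk, so either confirm it is guarded or tighten the check here to "rlen < sizeof(rbuf) - 1". The added lines also mix 9- and 10-column indentation; align them with the surrounding code.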
####END OF THE PATCH####
Comment 1 Alastair Tse (RETIRED) gentoo-dev 2003-04-19 05:16:17 UTC
have you submitted this patch to the authors of xtrlock? i think this is a security vulnerability that they should know about.
Comment 2 Alastair Tse (RETIRED) gentoo-dev 2003-04-24 05:14:26 UTC
alright. thanks. it looks like a sensible patch. given that piece of software was done sometime in 1994, i suspect the author has long abandoned it .. hmmm .. 

i've committed it to portage
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-01-24 05:41:07 UTC
*** Bug 78381 has been marked as a duplicate of this bug. ***