Bug 574892 - [auditing] dev-util/desktop-file-utils: desktop-file-validate: heap-based buffer overflow in validate.c
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Auditing
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Depends on: 586576
Reported: 2016-02-16 14:58 UTC by Agostino Sarubbo
Modified: 2016-09-30 17:45 UTC


Attachments
ASan output (file_574892.txt,11.68 KB, text/plain)
2016-02-16 14:58 UTC, Agostino Sarubbo
Description Agostino Sarubbo gentoo-dev 2016-02-16 14:58:54 UTC
Created attachment 425652
ASan output

I discovered that a crafted .desktop file is able to cause a heap-based buffer overflow.


I'm waiting for feedback.
Comment 1 Jason A. Donenfeld gentoo-dev 2016-02-16 16:40:17 UTC
Could you tell me situations in which this might be used to manage untrusted files?
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-16 17:07:47 UTC
(In reply to Jason A. Donenfeld from comment #1)
> Could you tell me situations in which this might be used to manage untrusted
> files?

Well, strictly speaking, .desktop files can come from many sources, including the Gentoo tree or third-party overlays. I do not expect such files to be security relevant, so I don't always fully audit them myself (mea culpa). So if it can be exploitable, there could be some attack vectors applicable from such a file in general.
Comment 3 Agostino Sarubbo gentoo-dev 2016-02-17 09:13:41 UTC
(In reply to Jason A. Donenfeld from comment #1)
> Could you tell me situations in which this might be used to manage untrusted
> files?

Is Kristian's response enough?
Comment 4 Jason A. Donenfeld gentoo-dev 2016-02-23 18:16:19 UTC
No. Could you please tell me a vector that makes this a security vulnerability?
Comment 5 Agostino Sarubbo gentoo-dev 2016-06-22 10:40:09 UTC
This can be public now.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-06-22 10:48:34 UTC
(In reply to Agostino Sarubbo from comment #5)
> This can be public now.

OK