Package: nautic
Version: 1.5-1
Severity: serious
Tags: patch
Justification: buffer overrun in package without hardening flags enabled
The writes past the end of the buffer are of fixed data (the code which writes to moon_alt calculates a table of values with a formula) so this seems unlikely to have security implications, but it's quite likely to result in a crash.

A patch to fix this is attached (this seems to just be a typo in the declared size of the moon_alt array).

Cheers,
    Olly

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nautic depends on:
ii  libc6           2.18-7
ii  libgcc1         1:4.9.0-5
ii  libstdc++6      4.9.0-5
ii  libwxbase2.8-0  2.8.12.1+dfsg2-1
ii  libwxgtk2.8-0   2.8.12.1+dfsg2-1

nautic recommends no packages.

nautic suggests no packages.

-- no debconf information
Description: Fix buffer overrun The loops which access moon_alt assume it has 514 elements, not 504. Author: Olly Betts <o...@survex.com> Last-Update: 2014-06-09 --- nautic-1.5.orig/src/h_correction.cpp +++ nautic-1.5/src/h_correction.cpp @@ -79,7 +79,7 @@ static double mean_alt[]= { 9,14,19,24,29,34,39,44,49,54,59,64,69,74,79,84,89, }; -static double moon_alt[504]; +static double moon_alt[514]; static double moon_refrac[] = { 0.0, 0.0, 66.9, 67.2, 67.4, 67.6, 67.8, 68.0, 68.2, 68.4, 68.6, 68.7, 68.9, 69.0,
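
Review bot: the size in "static double moon_alt[514];" is still a bare literal that has to agree with the bound the loops assume, which is the same arrangement that let 504 and 514 drift apart. The loops that index moon_alt are outside this hunk, so the diff alone does not show that 514 covers every index they write; it would help if the description named the loops that were checked. Consider one named constant shared by the declaration and the loops, or deriving the loop bound from sizeof(moon_alt)/sizeof(moon_alt[0]), so a later change to the table size cannot reintroduce the overrun.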