Package: mixmaster
Version: 3.0b2-4
Severity: important

In function mix2_decrypt() in rem2.c, the value of a local variable changes
without direct assignment, leading to a segfault further down when its
associated buffer is accessed. The affected variable differed sometimes after
I added debug code, while the value it was changed to and data at that
location stayed the same.

In most cases I saw the value of dec change between line 176

  dec = buf_new();

dec = 0x80B83C8
(value of dec->data lost in transcription but it was different from below)
dec->length = 0
dec->size = 128

and line 201

  buf_get(m, dec, 328);

with only a few buffer operations in between.

dec = 0x80B8300
dec->data = 0x80B8278
dec->length = 134971984 (0x80B8250)
dec->size = 29793

The interesting values are length, which looks like a pointer, and size, which
is about the size of a mixmaster message. The paranoid might think this was a
crafted message to overwrite important pointers, but I have found no further
evidence.

This buffer structure at 0x80B8300 then gets overwritten by a memcpy of
328 bytes from the incoming message to dec->data at 0x80B8278, leading to a
segfault when buf_append() tries to write a zero byte to dec->data+length.

I recompiled with gcc-3.4 and mixmaster hasn't crashed yet.


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages mixmaster depends on:
ii  adduser                     3.102        Add and remove users and groups
ii  debconf [debconf-2.0]       1.5.11       Debian configuration management sy
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libmailtools-perl           1.74-1       Manipulate email in perl programs
ii  libncurses5                 5.5-5        Shared libraries for terminal hand
ii  libpcre3                    6.7-1        Perl 5 Compatible Regular Expressi
ii  libssl0.9.8                 0.9.8c-4     SSL shared libraries
ii  libwww-perl                 5.805-1      WWW client/server library for Perl
ii  zlib1g                      1:1.2.3-13   compression library - runtime

Versions of packages mixmaster recommends:
ii  exim4-daemon-custom [mail- 4.50-8sarge2a custom exim MTA (v4) daemon with l

-- debconf information excluded


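Added example, not part of the original report and not Mixmaster code: a debugging invariant check that flags the corrupted state printed above before the copy runs. The names dbg_buf, buf_check, replay_report and fresh_state are hypothetical; the struct holds only the three fields the report prints, and the rule that length must stay below size is an assumption based on the zero byte written at data+length.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical layout: only the three fields the report prints. */
typedef struct { unsigned char *data; long length; long size; } dbg_buf;
enum { BUF_BAD_PTR = 1, BUF_BAD_LEN = 2, BUF_SELF_CLOBBER = 4 };

/* Bitmask of problems if n bytes were copied to b->data right now. */
int buf_check(const dbg_buf *b, size_t n)
{
    int bad = 0;
    if (b == NULL || b->data == NULL) return BUF_BAD_PTR;
    /* assumed invariant: length leaves room for the trailing zero byte */
    if (b->length < 0 || b->size <= 0 || b->length >= b->size)
        bad |= BUF_BAD_LEN;
    /* does [data, data+n) overlap the bytes of the struct itself? */
    uintptr_t d = (uintptr_t)b->data, s = (uintptr_t)b;
    if (n > 0 && d < s + sizeof *b && s < d + n)
        bad |= BUF_SELF_CLOBBER;
    return bad;
}

/* Rebuild the reported geometry in a private arena: the struct sits
   0x80B8300 - 0x80B8278 = 136 bytes after its own data pointer. */
int replay_report(size_t n)
{
    unsigned char *arena = calloc(1, 512);
    if (arena == NULL) return -1;
    dbg_buf *b = (dbg_buf *)(arena + 136);
    b->data = arena;
    b->length = 0x80B8250L;   /* 134971984, as printed in the report */
    b->size = 29793;
    int r = buf_check(b, n);
    free(arena);
    return r;
}

/* State right after buf_new() per the report: length 0, size 128. */
int fresh_state(void)
{
    unsigned char store[128];   /* constructed backing storage */
    dbg_buf b = { store, 0, 128 };
    return buf_check(&b, 100);
}

int main(void)
{
    printf("fresh=%d reported=%d\n", fresh_state(), replay_report(328));
    return 0;
}
```

Calling such a check after each buffer operation between lines 176 and 201 would narrow down which operation first leaves the structure in a bad state.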