Package: openjdk-6-jre
Version: 6b11-6
Severity: minor
Tags: security

Steps to produce:
1) LC_CTYPE="fi_FI.iso8859-1`perl -e 'print " "x80'`" freecol

Expected results:
1) openjdk runs freecol (a Java application) or complains about wrong locale name

Actual results:
1) openjdk segfaults:

#
# An unexpected error has been detected by Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0xb755e818, pid=2687, tid=3076606864
#
# Java VM: OpenJDK Client VM (1.6.0_0-b11 mixed mode, sharing linux-x86)
# Problematic frame:
# C [libjava.so+0xf818] Java_java_lang_System_initProperties+0x28
#
# An error report file with more information is saved as:
# /home/lindi/hs_err_pid2687.log
#
# If you would like to submit a bug report, please visit:
# http://icedtea.classpath.org/bugzilla
#
Aborted (core dumped)

More info:
1) java_props_wd.c does strcpy without checking buffer bounds

    lc = setlocale(LC_CTYPE, "");
    ....
    char temp[64];
    ....
    strcpy(temp, lc);

so maybe this could also be (ab)used to corrupt stack to execute arbitrary code? I hope there is no way for a Java applet to set LC_CTYPE.
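Added here as an illustration, not code from the report or from OpenJDK: a bounded version of the copy the report quotes, followed by a sketch of the lang_COUNTRY.encoding split such a buffer usually feeds. The split, report_locale() and parses_to() are my own assumptions; the point is that an over-long LC_CTYPE value is rejected before any copy into temp[64] happens.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded replacement for the pattern quoted in the report:
 * setlocale() output copied with strcpy() into a 64-byte stack buffer.
 * Oversized input is rejected up front instead of overrunning temp[]. */
#define LOCALE_BUF 64

struct locale_parts { char language[LOCALE_BUF], country[LOCALE_BUF], encoding[LOCALE_BUF]; };

/* Returns 1 (and fills *out if non-NULL) on success; 0 if lc is NULL, empty,
 * or does not fit in LOCALE_BUF bytes, as the report's 95-byte LC_CTYPE value does not. */
int parse_locale(const char *lc, struct locale_parts *out)
{
    char temp[LOCALE_BUF];
    char *p = temp, *sep;
    size_t n;

    if (lc == NULL)
        return 0;
    n = strlen(lc);
    if (n == 0 || n >= sizeof temp)      /* the bounds check strcpy() never does */
        return 0;
    memcpy(temp, lc, n + 1);             /* safe: n + 1 <= sizeof temp */
    if (out == NULL)
        return 1;
    out->language[0] = out->country[0] = out->encoding[0] = '\0';
    if ((sep = strchr(p, '@')) != NULL)  /* drop a trailing @modifier */
        *sep = '\0';
    if ((sep = strchr(p, '.')) != NULL) { *sep = '\0'; strcpy(out->encoding, sep + 1); }
    if ((sep = strchr(p, '_')) != NULL) { *sep = '\0'; strcpy(out->country, sep + 1); }
    strcpy(out->language, p);            /* every piece is shorter than temp */
    return 1;
}

/* Constructed: the LC_CTYPE value from the report, a valid name plus 80 spaces. */
const char *report_locale(void)
{
    static char buf[2 * LOCALE_BUF];
    snprintf(buf, sizeof buf, "fi_FI.iso8859-1%80s", "");
    return buf;
}
/* 1 if lc parses into exactly the given language/country/encoding, else 0. */
int parses_to(const char *lc, const char *lang, const char *ctry, const char *enc)
{
    struct locale_parts lp;
    return parse_locale(lc, &lp) && strcmp(lp.language, lang) == 0 &&
           strcmp(lp.country, ctry) == 0 && strcmp(lp.encoding, enc) == 0;
}
```

With the original strcpy() the 95-byte value overruns temp[] by 31 bytes plus the terminator; here the same value is simply refused and the caller can fall back to a default locale.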