Hi François,
* François Wendling <[EMAIL PROTECTED]> [2008-09-05 01:51]:
> Gmanedit includes several buffer overflows. It needs to be audited
> seriously, user input is never checked. Here are the ones I found:
>
> * Launch the wizard, click all the boxes, complete the wizard. Check
>   for "cad[512]" in the source, it's where the problem is, it should
>   be increased; it fixes the problem, but it's ugly.
>
> * Launch the wizard, type a very long line in title or name of the
>   manpage. At first the UI doesn't limit the number of characters
>   you can enter, then the code handles it badly.
>
> * Open preferences, flood the inputbox.
>
> * Same as above, but this time it comes from the rc file. Just fill
>   the "COMMAND=" parameters with a lot of characters.
>
> * Fill the editor with a 200kb file, then try to see the man ("view
>   created page").

I took a look at these and they are definitely bugs but not security issues.
At least I currently see no way how an attacker could use these bugs to exploit
a victim. Loading files with long titles works fine for example.

I'll continue to have a look at the rest of the code.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
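
The report above notes that enlarging a fixed buffer only moves the limit; the following added example (not part of the original mail and not gmanedit's code) shows a length-checked copy of a "COMMAND=" rc-file value that rejects overlong input instead. The function names, status codes, and the 512-byte capacity (borrowed from the "cad[512]" size mentioned in the report) are assumptions for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed capacity; the report names a 512-byte buffer ("cad[512]"). */
#define CMD_BUF_SIZE 512

/* Hypothetical status codes for this example. */
enum rc_status { RC_OK = 0, RC_NOT_COMMAND = 1, RC_TOO_LONG = 2 };

/* Copy the value of a "COMMAND=" rc line into out (capacity outsz).
 * An overlong value is rejected, never truncated silently, and out is
 * left as an empty string in every non-OK case. */
enum rc_status parse_rc_command(const char *line, char *out, size_t outsz)
{
    static const char key[] = "COMMAND=";
    const size_t keylen = sizeof key - 1;
    size_t vlen;

    if (outsz == 0)
        return RC_TOO_LONG;
    out[0] = '\0';

    if (strncmp(line, key, keylen) != 0)
        return RC_NOT_COMMAND;

    line += keylen;
    vlen = strcspn(line, "\r\n");   /* value ends at the line terminator */
    if (vlen >= outsz)              /* the NUL terminator needs room too */
        return RC_TOO_LONG;

    memcpy(out, line, vlen);
    out[vlen] = '\0';
    return RC_OK;
}

/* Constructed sample input: "COMMAND=" followed by n 'A' bytes. */
enum rc_status try_value_of_length(size_t n, char *out, size_t outsz)
{
    char line[8 + 2048 + 2];

    if (n > 2048)
        n = 2048;
    memcpy(line, "COMMAND=", 8);
    memset(line + 8, 'A', n);
    line[8 + n] = '\n';
    line[8 + n + 1] = '\0';
    return parse_rc_command(line, out, outsz);
}
```
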

