Package: xbindkeys-config
Version: 0.1.3-1
Severity: normal

Hi,
While scanning some packages I found the following piece of code which leads
to a buffer overflow when an overly long HOME env var is used.
Affected code:
xbindkeys_config.c:
> char buf[1024];
> int i;
> gboolean show=FALSE;
>
> sprintf(buf, "%s/.xbindkeysrc", getenv ("HOME"));
speedc.c:
> char *p, buf[1024];
> int i;
>
[...]
> /* create $HOME/.xbindkey_config is not exist */
> sprintf(buf,"%s/.xbindkeys_config", getenv ("HOME"));
menu.c, middle.c:
> char buf[1024];
> sprintf(buf, "%s/.xbindkeysrc", getenv ("HOME"));
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

