Package: libgksu2-0
Version: 2.0.7-1
Severity: important
Tags: patch
This fixes two bugs in read_line function. Both are exposed when running
gksudo --debug:
- First, when read() fails, the printed value will come from uninitialised
memory. This results in stuff like "GNOME_SUDO_PASSSSSSSSSSSSSSSSS..."
being printed.
- Second, the null terminator is off-by-one, resulting in garbage being
printed at the end of each line. This may also lead to memory
corruption (for n >= 256)!!!
-- System Information:
Debian Release: 5.0.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=ca_AD.UTF-8, LC_CTYPE=ca_AD.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libgksu2-0 depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libcairo2 1.6.4-7 The Cairo 2D vector graphics libra
ii libfontconfig1 2.6.0-3 generic font configuration library
ii libfreetype6 2.3.7-2 FreeType 2 font engine, shared lib
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.6-1+lenny1 The GLib library of C routines
ii libgnome-keyring0 2.22.3-2 GNOME keyring services library
ii libgtk2.0-0 2.12.12-1~lenny1 The GTK+ graphical user interface
ii libgtop2-7 2.22.3-1 gtop system monitoring library
ii libpango1.0-0 1.20.5-3 Layout and rendering of internatio
ii libpixman-1-0 0.10.0-2 pixel-manipulation library for X a
ii libpng12-0 1.2.27-2+lenny2 PNG library - runtime
ii libstartup-notificatio 0.9-1 library for program launch feedbac
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxml2 2.6.32.dfsg-5 GNOME XML library
ii libxrender1 1:0.9.4-2 X Rendering Extension client libra
ii xauth 1:1.0.3-2 X authentication utility
ii xbase-clients 1:7.3+18 miscellaneous X clients - metapack
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages libgksu2-0 recommends:
ii sudo 1.6.9p17-2 Provide limited super user privile
libgksu2-0 suggests no packages.
-- no debconf information
diff -ur libgksu-2.0.7.old/libgksu/libgksu.c libgksu-2.0.7/libgksu/libgksu.c
--- libgksu-2.0.7.old/libgksu/libgksu.c 2008-05-28 02:00:44.000000000 +0200
+++ libgksu-2.0.7/libgksu/libgksu.c 2009-04-27 17:54:02.000000000 +0200
@@ -2319,12 +2319,13 @@
for (; counter < (n - 1); counter++)
{
+ tmp[0] = '\0';
read (fd, tmp, 1);
if (tmp[0] == '\n')
break;
buffer[counter] = tmp[0];
}
- buffer[counter+1] = '\0';
+ buffer[counter] = '\0';
}
/**
