Accidentally this is fixed since 0.9.6 (released yesterday), the buffer
is now allocated dynamically using g_strdup_printf.

Marcus

On Thu, 05 Feb 2009 10:37:59 +0000
Enrico Zini <enr...@debian.org> wrote:

> Package: tangogps
> Version: 0.9.3-2
> Severity: serious
> 
> Hello,
> 
> thanks for maintaining tangogps.
> 
> I have noticed that it has a tendency to segfault when I type long POI
> descriptions.  The backtrace is rather useless, except it points at
> the update_poi function.  A quick glance at the function shows the
> issue:
> 
> char sql[512];
> [...]
> g_snprintf(sql, 2048,
>                         "UPDATE "
>                                 "poi "
>                         "SET "
>                                 "lat=%f,"
>                                 "lon=%f,"
>                                 "keywords='%s',"
>                                 "desc='%s'"
>                         "WHERE "
>                                 "idmd5='%s'"
>                         ,
>                         lat_deg, lon_deg,
>                         keyword, desc, idmd5);
> 
> Doh.  The buffer is 512 bytes, but the limit given to snprintf is
> 2048: boom.  Fixing the buffer to be 2048 bytes is a quick fix, but
> in the long term the function needs considerable smartening up: if a
> long (>1900 or so bytes) is pasted in the field (say, the menu of a
> restaurant pasted from a web page, or extensive road directions), it
> will still lead to a truncated, and therefore invalid, SQL query.
> 
> 
> Ciao,
> 
> Enrico
> 
> -- System Information:
> Debian Release: 5.0
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
> 
> Versions of packages tangogps depends on:
> ii  libatk1.0-0                   1.22.0-1   The ATK accessibility toolkit
> ii  libc6                         2.7-18     GNU C Library: Shared libraries
> ii  libcairo2                     1.6.4-7    The Cairo 2D vector graphics libra
> ii  libcurl3-gnutls               7.18.2-8   Multi-protocol file transfer libra
> ii  libgconf2-4                   2.22.0-1   GNOME configuration database syste
> ii  libglib2.0-0                  2.16.6-1   The GLib library of C routines
> ii  libgtk2.0-0                   2.12.11-4  The GTK+ graphical user interface
> ii  libpango1.0-0                 1.20.5-3   Layout and rendering of internatio
> ii  libsqlite3-0                  3.5.9-5    SQLite 3 shared library
> 
> Versions of packages tangogps recommends:
> ii  gpsd                          2.37-7     GPS (Global Positioning System) da
> 
> tangogps suggests no packages.
> 
> -- no debconf information
> 
> 
> 
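
The size mismatch and the truncation problem from the report, and the measure-then-allocate approach the reply refers to, as an added example that is not tangogps code. It uses standard C `snprintf`/`vsnprintf` in place of GLib's `g_snprintf`/`g_strdup_printf` so it builds without GLib; `format_poi_update` and `alloc_printf` are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same statement shape as the query quoted in the report. */
#define POI_UPDATE_FMT \
    "UPDATE poi SET lat=%f,lon=%f,keywords='%s',desc='%s' WHERE idmd5='%s'"

/* Fixed-buffer variant (hypothetical helper): the limit passed to snprintf is
 * the caller's real buffer size, and output that did not fit is rejected
 * rather than handed on as a truncated statement. Returns 0 or -1. */
int format_poi_update(char *buf, size_t buflen, double lat, double lon,
                      const char *keywords, const char *desc, const char *idmd5)
{
    int n = snprintf(buf, buflen, POI_UPDATE_FMT, lat, lon, keywords, desc, idmd5);
    if (n < 0 || (size_t)n >= buflen) {   /* n is the length that was needed */
        if (buflen > 0)
            buf[0] = '\0';                /* never leave a partial query behind */
        return -1;
    }
    return 0;
}

/* Dynamic variant (hypothetical helper): measure with a NULL buffer, then
 * allocate exactly that much. Returns NULL on failure; the caller frees. */
char *alloc_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    char *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (n >= 0 && (out = malloc((size_t)n + 1)) != NULL)
        vsnprintf(out, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    char sql[512], desc[2001];            /* constructed 2000-byte description */
    memset(desc, 'x', sizeof desc - 1);
    desc[sizeof desc - 1] = '\0';
    int rc = format_poi_update(sql, sizeof sql, 52.5, 13.4, "food", desc, "abc");
    printf("fixed 512-byte buffer: %s\n", rc == 0 ? "ok" : "rejected, would truncate");
    char *q = alloc_printf(POI_UPDATE_FMT, 52.5, 13.4, "food", desc, "abc");
    if (q) { printf("dynamic: %zu bytes\n", strlen(q)); free(q); }
    return 0;
}
```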


