On Tue, Jan 13, 2009 at 09:21:18PM +0100, Tomas Pospisek wrote:
>
> I was debugging this for a while but it seemed to me that pgp4pine had
> more than one character array overflow - string overflows nota bene which
> are security relevant.
>
> Here's one bug that's on public record:
>
> pgp4pine (1.76-4) unstable; urgency=high
>
> * [Security]: Fix read buffer overflow
> Found by Eric AUGE:
> http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html
> Fix by Jacek Lipkowski:
> http://archives.neohapsis.com/archives/vulndiscuss/2003-q1/0126.html
>
> And here's a patch:
>
> diff -ruN pgp4pine-1.76.orig/pgp4pine/menus.c
> pgp4pine-1.76/pgp4pine/menus.c
> --- pgp4pine-1.76.orig/pgp4pine/menus.c 2001-04-09 18:23:37.000000000
> +0200
> +++ pgp4pine-1.76/pgp4pine/menus.c 2008-05-08 14:52:39.000000000
> +0200
> @@ -34,11 +34,13 @@
> executed, EOF breaks directly */
> return;
> }
> - else if ((readline[i++]=c) == '\n')
> + else if ((readline[i]=c) == '\n')
> {
> + if (i<(CONSOLE_IO_LINE_LENGTH-2)) i++;
> readline[i]='\0';
> fertig=1;
> }
> + else if (i<(CONSOLE_IO_LINE_LENGTH-2)) i++;
> }
> fertig=0;
>
> Since IMO pgp4pine has issues with overflows and upstream hasn't been
> seen
> in the wild for a while, pgp4pine should be killed. The question however
> is how pine people would go about writing/reading gpg encrypted/signed
> mails?
>
> Could you please fix the Bug Status James?
> *t)
What's the status? This bug has been open for nearly 1.5 years.
We should remove pgp4pine if it's buggy, insecure and dead upstream.
Also, alpine and cone seem to support PGP/GnuPG these days.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
