At Tue, 22 Nov 2011 21:16:14 +0100, Moritz Mühlenhoff wrote:
> > > JPCERT disclosed an unspecified buffer overflow vulnerability in
> > > ChaSen:
> > >
> > > <http://jvn.jp/en/jp/JVN16901583/index.html>
> > >
> > > Apparently, upstream will not provide patches. Would you be willing
> > > to work on this issue if we can obtain further details?
> >
> > Yes, I and Nokubi-san hope so, and I asked JVN to send more detail
> > about it if they can.
>
> Any results yet?
The following is the patch to fix the issue: diff --git a/lib/chalib.c b/lib/chalib.c index 5d79e13..66caee3 100644 --- a/lib/chalib.c +++ b/lib/chalib.c @@ -306,9 +306,14 @@ chasen_sparse_main(char *input, FILE *output) */ while (*input) { int c = 0, len, cursor; - if ((crlf = strpbrk(input, "\r\n")) == NULL) + if ((crlf = strpbrk(input, "\r\n")) == NULL) { len = strlen(input); - else { + if (len > CHA_INPUT_SIZE) { + len = CHA_INPUT_SIZE; + crlf = input + CHA_INPUT_SIZE - 1; + c = 0; + } + } else { len = crlf - input; c = *crlf; *crlf = '\0';
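Review bot: the `len > CHA_INPUT_SIZE` clamp is added only in the branch where `strpbrk` finds no CR or LF; in the `else` branch `len = crlf - input` is still taken unchecked, so a line longer than `CHA_INPUT_SIZE` that ends in a newline passes through with its full length. Apply the same bound after both branches have set `len`. Within the new block, `len = CHA_INPUT_SIZE` and `crlf = input + CHA_INPUT_SIZE - 1` disagree by one; pick one and add a comment stating whether `CHA_INPUT_SIZE` includes the terminating NUL. `c = 0` repeats the initializer in `int c = 0, len, cursor;`, and `strlen()` is narrowed to `int` before the comparison, so comparing as `size_t` first would be safer.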