Bug#771738: apt-get segfaults on '[' in sources.list

2015-08-14 Thread Joshua Rogers
> > # sudo apt-get update Segmentation fault >> > > I cannot reproduce this. Can you attach a failing sources.list file? It has been fixed upstream, I believe. -- -- Joshua Rogers signature.asc Description: OpenPGP digital signature

Bug#794336: [e]glibc breaks res_init() functionality

2015-08-01 Thread Joshua Rogers
's bug tracking for awhile.) -- -- Joshua Rogers <https://internot.info/>

Bug#780524: libresolv res_init() does not correctly initialize internals

2015-03-15 Thread Joshua Rogers
Debian here: https://lists.debian.org/debian-glibc/2014/05/msg00171.html tl;dr: since res_init() does not set 'last_mtime', it does not initialize the internals, for libresolv to be used by the likes of getaddrinfo, gethostbyname, res_query, etc. etc.. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773502: [Pkg-gnupg-maint] Bug#773502: off-by-one memory assignment

2015-01-06 Thread Joshua Rogers
On 07/01/15 11:44, NIIBE Yutaka wrote: > On 12/19/2014 05:47 PM, Joshua Rogers wrote: >> Package: gnupg2 >> Version: 2.1.1 >> Severity: normal >> >> in app-nks.c on line 1242, data is assigned the memory of 'datalen', >> which is calculated u

Bug#773502: Update

2014-12-29 Thread Joshua Rogers
Were these ever handled? Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773523: [PATCH] * dirmngr/ldapserver.c (ldapserver_parse_one) return NULL on 'fail'.

2014-12-20 Thread Joshua Rogers
-- If something inside the ldapserver_parse_one function failed, 'server' would be freed, then returned, leading to a use-after-free. This code is likely copied from sm/gpgsm.c, which was also susceptible to this bug. --- dirmngr/ldapserver.c | 1 + 1 file changed, 1 insertion(+) diff --git a

Bug#773473: [PATCH] * sm/gpgsm.c: (parse_keyserver_line) return false on 'fail'.

2014-12-20 Thread Joshua Rogers
-- If something in the keyserver_line failed, parse_keyserver_line would free 'server', but then return it afterwards, leading to a use-after-free. sm/gpgsm.c, in the function main() correctly checks whether the return of parse_keyserver_line is false. --- sm/gpgsm.c | 1 + 1 file changed, 1 i

Bug#773570: off-by-one

2014-12-19 Thread Joshua Rogers
->refId, TSYNC_REF_LOCAL, TSYNC_REF_LEN); > 354strncpy((char *)&pp->refid, TSYNC_REF_LOCAL, TSYNC_REF_LEN); Thanks, -- -- Joshua Rogers <https://internot.info/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubsc

Bug#773518: Closing

2014-12-19 Thread Joshua Rogers
Closing. -- -- Joshua Rogers <https://internot.info/>

Bug#773474: [PATCH] * scd/app-openpgp.c: (get_public_key) correctly close 'fp' upon use.

2014-12-19 Thread Joshua Rogers
-- Inside the get_public_key function, 'fp' was opened using popen, but incorrectly closed using fclose. From pclose(2): The return value from popen() is a normal standard I/O stream in all respects save that it must be closed with pclose() rather than fclose(3). --- scd/a

Bug#773541: uninitalized pointer read

2014-12-19 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, On line 204 of crlfetch.c 'hd' is run through http_get_status_code, but it is possible for 'hd' not to be set, if opt.disable_http is true.(see lines 192-202) Thanks -- -- Joshua Rogers <https://internot.info/>

Bug#773523: use-after-free v2

2014-12-19 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal In ldapserver.c on line 127, 'server' is freed, but it is then returned on line 130. This code looks like a copy and paste from gpgsm.c (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773473) Thanks, -- -- Joshua Rog

Bug#773521: incorrect memset

2014-12-19 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal on line 253 of ecdh.c, memset is called with a 0 fill value, which will do nothing. what's the point? Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773518: use-after-free

2014-12-19 Thread Joshua Rogers
Sorry, I already reported this before: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773473 Please close. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773520: use-after-free

2014-12-19 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal In ks-engine-hkp.c on line 509 'reftbl' is freed, but it is then used on line 511. I'm guessing this is a missing return;. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773518: explicit use-after-free

2014-12-19 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal in gpgsm.c on line 861-867, there is an explicit use-after-free, if 'fail' is true. keyserver_list_free does not return the function, leaving it to then return the freed value. Thanks, -- -- Joshua Rogers <https://internot.in

Bug#773507: explicit buffer overrun

2014-12-19 Thread Joshua Rogers
. If argc is 398, it will pass that check. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773502: off-by-one memory assignment

2014-12-19 Thread Joshua Rogers
l need to check.) Thanks -- -- Joshua Rogers <https://internot.info/>

Bug#773497: double file close

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal In dotlock.c on line 682-683, close(fd) is attempted. If it succeeds, "goto write_failed" is executed. write_failed explicitly closes fd, leading to a double-close of fd. Thanks, -- -- Joshua Rogers <https://internot.in

Bug#773499: singleton used as array

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal in keyedit.c, on line 2478, 'prefs' is used as an array, but it's actually a singleton. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773472: Fwd: not "use after free, and double free"

2014-12-18 Thread Joshua Rogers
I messed up the line numbers on this. The first pwbuf is freed on line 2438, then the failure part is at 2509. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773475: [Pkg-gnupg-maint] Bug#773475: Fwd: missing va_end (x2)

2014-12-18 Thread Joshua Rogers
ly, I should have, but I looked at the bug report page and it seems that the developers are inactive. I didn't really have a good look though, so I may have missed other activity. Anyways, if you could do the patch generation and forwarding, that would be great. I really can't be both

Bug#773481: bsd-mailx

2014-12-18 Thread Joshua Rogers
On 19/12/14 07:38, Joshua Rogers wrote: > Sorry, it's actually heirloom-mailx, not bsd-mailx. > Can this be reassigned? > > Thanks, Nope! I'm wrong! It _is_ bsd-mailx. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773481: bsd-mailx

2014-12-18 Thread Joshua Rogers
Sorry, it's actually heirloom-mailx, not bsd-mailx. Can this be reassigned? Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773481: bsd-mailx out-of-scape bug

2014-12-18 Thread Joshua Rogers
Package: bsd-mailx Version: 8.1.2-0.20131005cvs-1 Severity: normal Hi, In fio.c on line 592, "cp = expand(buf);" is run, which returns that argument. Below it on line 594, "return(cp);" is run, but it points to an out-of-scope 'buf' variable. Thanks, -- -- Joshua

Bug#773475: Fwd: missing va_end (x2)

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, in curl-shim.c, on line 167, the function is returned, but va_end is never run. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773473: Fwd: gpg return-after-free

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, In sm/gpgsm.c, on line 864, 'server' is freed, but then on line 867 it is returned. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773474: Fwd: incorrect file handling

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, In app-openpgp.c on line 1462, 'popen' is used to open "command". Later on, on line 1472, "fclose" is used instead of pclose. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773471: Fwd: Double free

2014-12-18 Thread Joshua Rogers
_CARD_REMOVAL (ctrl, > rc); return rc; Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773470: Fwd: off-by-one

2014-12-18 Thread Joshua Rogers
erflow, or other problems down the line. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773472: Fwd: (not "use after free, and double free")

2014-12-18 Thread Joshua Rogers
ed for the test if it's going to be freed beforehand. (In reality, it shouldn't be freed before it is sent to failure;) Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773469: Fwd: uninitalized variable

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, On line 1492 and 1493 of iobuf.c, '&len' is used to define the 'ret_len' in the file_filter, but len is never actually defined, leaving it open to strange interpretations in different environments. Thanks, --

Bug#773468: Fwd: missing check

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal in signal.c on line 105, 'raise(sig);' is run, but later on, on line 127, sig is checked to be within 0-9. either it should be checked on 105, or the check at 127 for < 0 should be removed. Thanks, -- -- Joshua

Bug#773427: Strange checking bug

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, In stringhelp.c, line 525-526, no check is made to see if home_buffer is not NULL, like it is checked if xmode is false, on line 530. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773423: double close

2014-12-18 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, In dotlock.c on line 682 and 721, there is a double close of 'fd'. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773415: missing va_end

2014-12-17 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, In gpgkey2ssh.c, in the function key_to_blob on line 210, va_end is never called. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773414: gpg use-after-free

2014-12-17 Thread Joshua Rogers
Package: gnupg2 Version: 2.1.1 Severity: normal Hi, In 'iobuf.c' on lines 1131-1133, there is a use-after-free if DBG_IOBUF is enabled. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#773305: Buffer overflow

2014-12-16 Thread Joshua Rogers
I sent that email a bit too early. I found this using Coverity. -- -- Joshua Rogers <https://internot.info/>

Bug#773305: Buffer overflow

2014-12-16 Thread Joshua Rogers
On 17/12/14 04:08, Joshua Rogers wrote: > I sent that email a bit too early. > I found this using Coverity. Ugh, I'm too tired for this. I just realized it obviously cannot overflow, since %.250s is used. -- -- Joshua Rogers <https://internot.info/>

Bug#773305: Buffer overflow

2014-12-16 Thread Joshua Rogers
dbuf, DIFF " -Nu %.250s %.250s | %.250s", > str_quote_meta(old), str_quote_meta(new), > command_get_pager()); In command_get_pager(void): > pager = getenv("PAGER"); -- -- Joshua Rogers <https://internot.info/> --

Bug#771738: apt-get segfaults on '[' in sources.list

2014-12-01 Thread Joshua Rogers
likely in sourcelist.cc, here:

> char *I;
> // CNC:2003-02-20 - Do not break if '#' is inside [].
> for (I = Buffer; *I != 0 && *I != '#'; I++)
>    if (*I == '[')
>       I = strchr(I + 1, ']');
> *I = 0;

Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#771644: apt-mark says options before tested / error.

2014-11-30 Thread Joshua Rogers
d 'grep set to automatically installed.' should never be outputted. -- -- Joshua Rogers <https://internot.info/>

Bug#769515: Another

2014-11-14 Thread Joshua Rogers
And just one more before I'm done... dpkg-deb/build.c > m= m_malloc(strlen(dir) + sizeof(DEBEXT)); m is never freed. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#769515: dpkg memory leak v2

2014-11-14 Thread Joshua Rogers
buf, v->size); is never freed. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#769457: dpkg memory leak

2014-11-13 Thread Joshua Rogers
On 14/11/14 08:57, Joshua Rogers wrote: > Any suggestions? Ehh, I got it kind of working. I'll do further testing when I wake up. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#769457: dpkg memory leak

2014-11-13 Thread Joshua Rogers
curkeys.cc:31:2: error: expected ‘}’ before ‘;’ token > curkeys.cc:31:2: error: expected ‘}’ before ‘;’ token > curkeys.cc:31:2: error: curly brackets (braces) around scalar > initialiser for type ‘const char*’ > make[3]: *** [curkeys.o] Error 1 > make[3]: Leaving directory `/root/dpkg/dselect' > make[2]: *** [all-recursive] Error 1 > make[2]: Leaving directory `/root/dpkg/dselect' > make[1]: *** [all-recursive] Error 1 > make[1]: Leaving directory `/root/dpkg' > make: *** [all] Error 2 Any suggestions? Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#769457: dpkg memory leak

2014-11-13 Thread Joshua Rogers
_path(INFODIR); } ...which is called in filesdb.c(again): > void filesdbinit(void) { struct filenamenode *fnn; int i; > pkgadmindir_init(); for (i=0; i fnn= fnn->next) { fnn->flags= 0; fnn->oldhash = NULL; fnn->filestat = > NULL; } } Anyways, point is, pathna

Bug#769111: dpkg bug/vuln v2

2014-11-12 Thread Joshua Rogers
st field names, so that's > wrong, and I'm fixing this separately. > Great, thanks! -- -- Joshua Rogers <https://internot.info/>

Bug#769111: dpkg bug/vuln v2

2014-11-11 Thread Joshua Rogers
(main=0x402860 , > argc=3, ubp_av=0x7fffe158, init=, fini= out>, rtld_fini=, stack_end=0x7fffe148) at > libc-start.c:226 > #11 0x00402ac5 in _start () A quick guess is that because the > : 1 part of the file does not have a 'name', it tries to call a NULL. Somebody should check if I'm right, though. Thanks, -- -- Joshua Rogers <https://internot.info/>

Bug#768485: dpkg: format string vulnerability

2014-11-09 Thread Joshua Rogers
via email? Thanks -- -- Joshua Rogers <https://internot.info/>

Bug#767533: [Aptitude-devel] Quick Question

2014-10-31 Thread Joshua Rogers
It looks like download_item.c:99 has the same code, just FYI. -- Joshua Rogers <https://internot.info/> On 01/11/14 07:03, Manuel A. Fernandez Montecelo wrote: > Source: aptitude > Version: 0.6.11-1 > > 2014-10-30 11:23 Joshua Rogers: >> Hi guys, >> >> >>