This bug was fixed in the package nano - 2.5.3-2ubuntu2
---------------
nano (2.5.3-2ubuntu2) xenial-proposed; urgency=medium
* Apply upstream patch to allocate enough space for the prompt when finding
a lock file. (LP: #1641592)
-- Brian Murray <br...@ubuntu.com> Tue, 14 Feb 2017 15:10:03 -0800
** Changed in: nano (Ubuntu Xenial)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to nano in Ubuntu.
https://bugs.launchpad.net/bugs/1641592
Title:
nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Status in nano package in Ubuntu:
Fix Released
Status in nano source package in Xenial:
Fix Released
Bug description:
# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
# apt-cache policy nano
nano:
Installed: 2.5.3-2
Candidate: 2.5.3-2
Reproducer:
1. # nano -G
999999999999999999999999999999999999999999999999999999999999999999999999999
2. <ctrl-z>
3. # nano -G
999999999999999999999999999999999999999999999999999999999999999999999999999
4. <answer y/n to the lockfile question>
5. <nano should segfault>
Quick dissection:
Looking at function do_lockfile in files.c, it seems that promptstr is
statically allocated to 128 characters. Now with a sufficiently long filename,
the following sprintf() call will overflow the allocated promptstr buffer and
corrupt memory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1641592/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
