I reviewed discount 2.2.6-1ubuntu1 as checked into hirsute. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
discount is an implementation of John Gruber's Markdown markup language.
- CVE History:
- All CVEs bellow are open
CVE-2018-11468 - medium (affects only xenial and bionic)
CVE-2018-11503 - medium (affects only xenial and bionic)
CVE-2018-11504 - medium (affects only xenial and bionic)
CVE-2018-12495 - low (affects only xenial and bionic)
- Build-Depends?
- libmarkdown2, libmarkdown2-dev
- pre/post inst/rm scripts?
- there are two .install scripts:
- libmarkdown2-dev.install does:
- echo mkdio.h usr/include/$DEB_HOST_MULTIARCH
- echo libmarkdown.so usr/lib/$DEB_HOST_MULTIARCH
- echo libmarkdown.pc usr/lib/$DEB_HOST_MULTIARCH/pkgconfig/
- libmarkdown2.install does:
- echo libmarkdown.so.* usr/lib/$DEB_HOST_MULTIARCH
- init scripts?
None
- systemd units?
None
- dbus services?
None
- setuid binaries?
None
- binaries in PATH?
-rwxr-xr-x root/root 20000 2020-10-10 16:43 ./usr/bin/makepage
-rwxr-xr-x root/root 24672 2020-10-10 16:43 ./usr/bin/markdown
-rwxr-xr-x root/root 24160 2020-10-10 16:43 ./usr/bin/mkd2html
-rwxr-xr-x root/root 32624 2020-10-10 16:43 ./usr/bin/theme
- sudo fragments?
None
- polkit files?
None
- udev rules?
None
- unit tests / autopkgtests?
- there are tests but I'm not 100% sure they run on build time.
- cron jobs?
- none
- Build logs:
None
- Processes spawned?
one, but run only if it HAS_GIT flag. These are build utilities exec files
only.
- Memory management?
- In a first glance, it is ok.
- it uses some strcpy with some argv/argc, but the memory
buffers are set size using the argv/argc. In any case, probably need
further looks
- File IO?
- Sounds ok
- Logging?
- Some logs using perror
- Environment variable usage?
- it uses MARKDOWN_FLAGS amd AMALLOC_STATISTICS env variables. But not seems
weird.
- Use of privileged functions?
- None
- Use of cryptography / random number sources etc?
- None
- Use of temp files?
- None
- Use of networking?
- None
- Use of WebKit?
- None
- Use of PolicyKit?
- None
- Any significant cppcheck results?
- lots of Expression errors as in:
sio.c:14:5: error: Expression
'((*iot).size++)[((*iot).size<(*iot).alloc)?((*iot).text):((*iot).text=(*iot).text?realloc((*iot).text,sizeof(*iot).text[0]*((*iot).alloc+=100)):malloc(sizeof(*iot).text[0]*((*iot).alloc+=100)))]'
depends on order of evaluation of side effects [unknownEvaluationOrder]
EXPAND(*iot) = c;
- Any significant Coverity results?
- Some possible NULL dereference in markdown.c 958 as p is passed without be
checked.
- same in line 996 markdown.c
- Any significant shellcheck results?
- not that relevant.
- Any significant bandit results?
- None
There are few things that I believe should be address first to ACK it, as
re-check the possible NULL dereferences were it was pointed.
But in general, from me it's ACK.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11468
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11503
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-11504
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-12495
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1899213
Title:
[MIR] new dependencies of lintian
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/discount/+bug/1899213/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
