Bugtraq mailing list archives

A possible buffer overflow in libnewt
From: Wu Tao <lepton () sina com>
Date: 28 Mar 2002 06:24:22 -0000

When I was debugging my little program, which uses
libnewt, I found a possible buffer overflow in libnewt.
libnewt is widely used by configuration programs in
Red Hat. Because no suid program uses libnewt
in my Red Hat 6.2 environment, it seems this bug can't
be used to gain root. But if any suid program
uses libnewt, it is dangerous.
The following is my patch for libnewt 0.5.33.
I mailed the author of libnewt about a week ago,
but I have got no reply.

diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c
--- newt-0.50.33/newt.c Wed Apr  4 03:33:10 2001
+++ newt-0.50.33-n/newt.c       Tue Mar 19 21:41:24 
@@ -331,6 +331,8 @@

        *chptr++ = key;
+       if(chptr-buf>8)
+               break;

        /* this search should use bsearch(), but when 
we only look through
           a list of 20 (or so) keymappings, it's probably 
faster just to
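
Review bot: The bound in `if(chptr-buf>8)` is a bare constant and the test runs only after `*chptr++ = key;` has already stored the byte, so the hunk by itself does not show that every write stays inside `buf`. As written, the loop stores up to nine bytes before `break` fires; the declaration of `buf` is outside the visible context, so a reviewer cannot confirm that nine bytes (plus any terminator written after the loop) fit. Deriving the limit from the array, for example comparing `chptr - buf` against `sizeof(buf) - 1`, and performing the test before the store would keep the check correct if the buffer size ever changes. It is also worth a comment on what happens to the partially collected sequence after the `break`, since the code that consumes `buf` is not part of this hunk.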
