On the twenty-third of January, Nico Golde wrote:
Hi Stephen,
* Stephen J. Turnbull <stephen(a)xemacs.org> [2008-01-23 12:32]:
> Nico Golde writes:
>
> > during the analysis of CVE-2007-6109 and if this affects
> > xemacs Florian Weimer and me recognized a problem in the
> > xemacs code:
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457764#10
>
> Do you actually have an exploit? If so, we should fix the particular
> use, not change the macro.
xemacs21 -batch -eval '(format "%30000000d" 0)'
this is the same proof of concept as for CVE-2007-6109
that already has been fixed in emacs.
And in XEmacs.
$ ./xemacs -batch -eval '(format "%30000000d" 0)'
$ echo $?
0
$
The fix was not included in beta 28, though. 21.4 never had the problem.
Also, that is not an exploit, not even a proof-of-concept exploit.
> As you must know, alloca is a performance optimization. Any extra
> checks will tend to defeat that purpose.
How is alloca related to performance? I mean you should
really fix this macro, it's used all over the code and it is
dangerous.
No, it’s not.
--
Where might my nephew Yoghurtu Nghé be now, who had to flee
the village in a hurry because of the shortage of rhinoceroses?
_______________________________________________
XEmacs-Beta mailing list
XEmacs-Beta(a)xemacs.org
http://calypso.tux.org/cgi-bin/mailman/listinfo/xemacs-beta
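
The trade-off argued over in this thread, as an added example that is not XEmacs code and not written by anyone in the thread: a size guard in front of `alloca` is one comparison, and requests above a threshold are served from the heap, where failure can be reported. The function name `padded_length`, the `MAX_STACK_BYTES` threshold and the heap fallback are assumptions made for illustration.

```c
#include <alloca.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed threshold: larger requests are served from the heap. */
#define MAX_STACK_BYTES 4096

/* Right-align `value` in `width` columns, as (format "%<width>d" value)
   would, and return the resulting length, or -1 if memory is unavailable.
   *used_heap reports which allocator served the request. */
long padded_length(long value, size_t width, int *used_heap)
{
    char digits[32];
    size_t dlen = (size_t)snprintf(digits, sizeof digits, "%ld", value);
    size_t len = width > dlen ? width : dlen;
    char *buf;
    long result;

    *used_heap = 0;
    if (len > (size_t)LONG_MAX - 1)
        return -1;                  /* len + 1 or the result would overflow */

    /* The whole cost of the guard is this one comparison. */
    *used_heap = (len + 1 > MAX_STACK_BYTES);
    if (*used_heap)
        buf = malloc(len + 1);      /* failure is reported to the caller */
    else
        buf = alloca(len + 1);      /* size bounded by MAX_STACK_BYTES */
    if (buf == NULL)
        return -1;

    memset(buf, ' ', len - dlen);                   /* left padding */
    memcpy(buf + (len - dlen), digits, dlen + 1);   /* digits plus NUL */
    result = (long)strlen(buf);
    if (*used_heap)
        free(buf);
    return result;
}

int main(void)
{
    int heap;
    long n = padded_length(0, 30000000, &heap);     /* width from the thread */
    printf("length=%ld heap=%d\n", n, heap);
    return 0;
}
```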