Fwd: [oss-security] Re: ScriptFu Server Buffer Overflow in GIMP <=
2.6
Eitan Adler
lists at eitanadler.com
Sun Jul 1 14:42:21 UTC 2012
A vulnerability has been found in a port you maintain. If you haven't
yet done so
please update the port and write up a VuXML report. If you need help
feel free to
email ports-security at freebsd.org.
---------- Forwarded message ----------
From: <mancha at mac.hush.com>
Date: 30 June 2012 19:44
Subject: [oss-security] Re: ScriptFu Server Buffer Overflow in GIMP <= 2.6
To: oss-security at lists.openwall.com
Below find a patch for the 2.6.x branch of GIMP to address a potential
buffer overflow in the script-fu server (CVE-2012-2763) reported on this list
by J. Sheridan (http://www.openwall.com/lists/oss-security/2012/05/31/1)
--mancha
======================
Fix for CVE-2012-2763 for GIMP 2.6.x by mancha. Based on commit
76155d79df8d497. Thanks to muks, Kevin, and Ankh for identifying the
relevant code change.
Ref: Fixed potential buffer overflow in readstr_upto().
----------
--- a/plug-ins/script-fu/tinyscheme/scheme.c 2012-06-30
+++ b/plug-ins/script-fu/tinyscheme/scheme.c 2012-06-30
@@ -1727,7 +1727,8 @@ static char *readstr_upto(scheme *sc, ch
c = inchar(sc);
len = g_unichar_to_utf8(c, p);
p += len;
- } while (c && !is_one_of(delim, c));
+ } while ((p - sc->strbuff < sizeof(sc->strbuff)) &&
+ (c && !is_one_of(delim, c)));
if(p==sc->strbuff+2 && c_prev=='\\')
*p = '\0';
--
Eitan Adler
More information about the freebsd-gnome
mailing list