[Bug 246050] Buffer overflows in fortune's strfile, unstr and randstr

Thu Apr 30 11:26:32 UTC 2020

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=246050

            Bug ID: 246050
           Summary: Buffer overflows in fortune's strfile, unstr and
                    randstr
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: shlomif at gmail.com

Hi all!

There are some bufferoverflows at
https://svnweb.freebsd.org/base/head/usr.bin/fortune/strfile/strfile.c?revision=316500&view=markup#l299
if *argv is long enough.

Here is a fix for fortune-mod:

https://svnweb.mageia.org/packages/updates/7/fortune-mod/current/SOURCES/fortune-mod--security-buffer-overflows-w-tests.patch?view=markup&pathrev=1573463

When refactoring fortune-mod, which started as a fork of netbsd's fortune, and
which I adopted, I found some buffer overflows and saw they were still present
in freebsd's and netbsd's fortune. openbsd appears to have fixed them, and a
netbsd developer fixed their copy after I reported it on freenode's #netbsd
channel.

For more dicussion, and a reproducer:

* https://bugs.mageia.org/show_bug.cgi?id=26567

* https://github.com/shlomif/fortune-mod/commits/master

-- 
You are receiving this mail because:
You are the assignee for the bug.