Bug#466850: gpsk31: buffer overflow reading config file

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#466850: gpsk31: buffer overflow reading config file

Fernando M. Maresca-2
Package: gpsk31
Version: 0.3-1
Severity: normal


There are a buffer overflow in the conf file if just over 19 characters
are set to the options like 'name' or 'qth'. For example, if the qth
string is longer than 19 chars, the callsign gets overwrited, as
follows:
- set callsingn = "BBBBB"
- set qth = "AAAAAAAAAAAAAAAAAAAAAAAAAAAA"
- run the program
- go to Send -> MyCall
and you'll get AAA instead of the callsign.

Other options are susceptible to this bug too.

At least, a warning note must be placed in the conf. file example
itself.

73s, LU2DFM



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.24-1-amd64 (SMP w/1 CPU core)
Locale: LANG=es_AR, LC_CTYPE=es_AR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages gpsk31 depends on:
ii  libatk1.0-0             1.20.0-1         The ATK accessibility toolkit
ii  libc6                   2.7-8            GNU C Library: Shared libraries
ii  libcairo2               1.4.14-1         The Cairo 2D vector graphics libra
ii  libfontconfig1          2.5.0-2          generic font configuration library
ii  libgcc1                 1:4.3-20080202-1 GCC support library
ii  libglib2.0-0            2.14.6-1         The GLib library of C routines
ii  libgtk2.0-0             2.12.8-1         The GTK+ graphical user interface
ii  libpango1.0-0           1.18.4-1         Layout and rendering of internatio
ii  libstdc++6              4.3-20080202-1   The GNU Standard C++ Library v3
ii  libx11-6                2:1.0.3-7        X11 client-side library
ii  libxcursor1             1:1.1.9-1        X cursor management library
ii  libxext6                1:1.0.3-2        X11 miscellaneous extension librar
ii  libxfixes3              1:4.0.3-2        X11 miscellaneous 'fixes' extensio
ii  libxi6                  2:1.1.3-1        X11 Input extension library
ii  libxinerama1            1:1.0.2-1        X11 Xinerama extension library
ii  libxrandr2              2:1.2.2-1        X11 RandR extension library
ii  libxrender1             1:0.9.4-1        X Rendering Extension client libra

gpsk31 recommends no packages.

-- no debconf information



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]

Reply | Threaded
Open this post in threaded view
|

Bug#466850: gpsk31: buffer overflow reading config file

Joop Stakenborg-3
>  There are a buffer overflow in the conf file if just over 19 characters
>  are set to the options like 'name' or 'qth'.

Hi Fernando,

I am working on a solution. Thanks for the report!

Regards,
Joop PG4I



--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]