Bug#497835: gmanedit: Found several buffer overflows
Thanks for all your bug reports, it is much appreciated!
I currently don't have time to work on a new version (I am also the
upstream maintainer), because I will go on holiday this weekend for 3
weeks. When I get back I will start working on an updated version.
Please feel free to use the Debian BTS when you find more bugs.
> Gmanedit includes several buffer overflows. It needs to be audited
> seriously, user input is never checked. Here are the ones I found:
> * Launch the wizard, click all the boxes, complete the wizard. Check
> for "cad" in the source, it's where the problem is, it should
> be increased; it fixes the problem, but it's ugly.
> * Launch the wizard, type a very long line in title or name of the
> manpage. At first the UI doesn't limit the number of characters
> you can enter, then the code handles it badly.
> * Open preferences, flood the inputbox.
> * Same as above, but this time it comes from the rc file. Just fill the
> "COMMAND=" parameters with a lot of characters.
> * Fill the editor with a 200kb file, then try to see the man ("view
> created page").
I took a look at these and they are definitely bugs but not
security issues. At least I currently see no way an
attacker could use these bugs to exploit a victim. Loading
files with long titles works fine, for example. I'll continue
to have a look at the rest of the code.
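
Added example, not part of this thread and not gmanedit's own code: one way to read the rc file's "COMMAND=" value into a fixed-size buffer with an explicit length check, so that an over-long value is rejected instead of overrunning the buffer. The function names, the CMD_MAX size and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CMD_MAX 64  /* assumed destination size, not gmanedit's real value */

/* Parse one rc-file line of the form "COMMAND=<value>\n".
 * Returns 0 on success, -1 if the line is not a COMMAND setting,
 * -2 if the value does not fit in out (rejected, never truncated). */
int parse_command_line(const char *line, char *out, size_t outsz)
{
    static const char key[] = "COMMAND=";
    size_t klen = sizeof(key) - 1;
    size_t vlen;

    if (out == NULL || outsz == 0)
        return -2;
    out[0] = '\0';                     /* never leave stale data behind */
    if (line == NULL || strncmp(line, key, klen) != 0)
        return -1;

    line += klen;
    vlen = strcspn(line, "\r\n");      /* value ends at end of line */
    if (vlen >= outsz)                 /* no room for value plus NUL */
        return -2;

    memcpy(out, line, vlen);
    out[vlen] = '\0';
    return 0;
}

/* Constructed input: a COMMAND= line whose value is n 'A' characters. */
int try_value_of_length(size_t n, char *out, size_t outsz)
{
    char line[4096];
    if (n + sizeof("COMMAND=\n") > sizeof(line))
        return -2;
    memcpy(line, "COMMAND=", 8);
    memset(line + 8, 'A', n);
    line[8 + n] = '\n';
    line[9 + n] = '\0';
    return parse_command_line(line, out, outsz);
}

int main(void)
{
    char cmd[CMD_MAX];
    /* "xterm -e man" is a constructed sample value */
    printf("short: %d\n", parse_command_line("COMMAND=xterm -e man\n", cmd, sizeof cmd));
    printf("value: %s\n", cmd);
    printf("flood: %d\n", try_value_of_length(2000, cmd, sizeof cmd));
    return 0;
}
```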