Bug#833649: scalpel: no check for overflow while reading patterns

ydirson at free.fr ydirson at free.fr
Sun Aug 7 13:48:31 UTC 2016

Package: scalpel
Version: 1.60-1
Severity: important

Although the buffer used to hold a line is larger than in the original
foremost code, it still does not check that the buffer really holds a
complete line, and strtok will happily corrupt data outside of the
buffer when a line is large enough.  Checking the output of fgets
ought to be sufficient to catch the problem and tell the user to

See #833639 for the foremost bug.

Also note that 2.0 is no better in this respect.

Also note that processSearchSpecLine hardcodes a 6 in the tokenarray
malloc call, instead of using NUM_SEARCH_SPEC_ELEMENTS.

More information about the forensics-devel mailing list