Bug#833649: scalpel: no check for overflow while reading patterns
ydirson at free.fr
Sun Aug 7 13:48:31 UTC 2016
Package: scalpel
Version: 1.60-1
Severity: important
Although the buffer used to hold a line is larger than in the original
foremost code, it still does not check that the buffer really holds a
complete line, and strtok will happily corrupt data outside of the
buffer when a line is large enough. Checking the output of fgets
ought to be sufficient to catch the problem and tell the user to
increase MAX_STRING_LENGTH.

See #833639 for the foremost bug.

Also note that 2.0 is no better in this respect.

Also note that processSearchSpecLine hardcodes a 6 in the tokenarray
malloc call, instead of using NUM_SEARCH_SPEC_ELEMENTS.
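Added illustration of the two fixes the report asks for (it is example code written for this page, not scalpel's or foremost's source): a line reader that checks the result of fgets and refuses a line that did not fit, and a tokenizer bounded by NUM_SEARCH_SPEC_ELEMENTS instead of a hardcoded 6. The values given to MAX_STRING_LENGTH and NUM_SEARCH_SPEC_ELEMENTS, the function names, and the sample spec lines are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constants named in the bug report. The values are assumed for this
 * example (MAX_STRING_LENGTH is kept small so a long line is easy to hit). */
#define MAX_STRING_LENGTH 64
#define NUM_SEARCH_SPEC_ELEMENTS 6

enum line_status { LINE_OK = 0, LINE_EOF = 1, LINE_TOO_LONG = 2 };

/* Read one line into buf. Unlike a bare fgets(), this verifies that the
 * whole line fit: if fgets() stopped without seeing a newline and more
 * bytes of the same line follow, the line was truncated. The rest of the
 * over-long line is drained so the next call starts on a fresh line. */
enum line_status read_spec_line(FILE *fp, char *buf, size_t bufsize)
{
    if (fgets(buf, (int)bufsize, fp) == NULL)
        return LINE_EOF;                    /* nothing read: EOF or error */

    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';                /* complete line: strip newline */
        return LINE_OK;
    }

    /* No newline in the buffer: either the buffer was exactly filled or
     * the line is longer than the buffer. Peek at the next byte to tell. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;                     /* nothing of the line was lost */
    while ((c = fgetc(fp)) != EOF && c != '\n')
        ;                                   /* drain the remainder */
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Split a spec line into at most NUM_SEARCH_SPEC_ELEMENTS fields. Returns
 * the number of tokens, or -1 if the line has more fields than the
 * caller's array (sized by the same constant) can hold. */
int tokenize_spec_line(char *line, char *tokens[NUM_SEARCH_SPEC_ELEMENTS])
{
    int n = 0;
    for (char *tok = strtok(line, " \t"); tok != NULL; tok = strtok(NULL, " \t")) {
        if (n == NUM_SEARCH_SPEC_ELEMENTS)
            return -1;                      /* too many fields: reject, don't overrun */
        tokens[n++] = tok;
    }
    return n;
}

/* Constructed sample input (not a real scalpel.conf): two well-formed
 * lines around one that exceeds MAX_STRING_LENGTH. */
static const char SAMPLE_SPEC[] =
    "jpg  y  200000  \\xff\\xd8\\xff\\xe0\\x00\\x10  \\xff\\xd9\n"
    "doc  y  12500000  AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  BBBB\n"
    "gif  y  5000000  \\x47\\x49\\x46\\x38\\x37\\x61  \\x00\\x3b\n";

/* Run the checked reader over text held in a temporary file and count
 * accepted and rejected lines. Returns 0 on success, -1 on I/O failure. */
int scan_spec_text(const char *text, int *ok_lines, int *long_lines)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    fputs(text, fp);
    rewind(fp);

    char buf[MAX_STRING_LENGTH];
    *ok_lines = 0;
    *long_lines = 0;
    for (;;) {
        enum line_status st = read_spec_line(fp, buf, sizeof buf);
        if (st == LINE_EOF)
            break;
        if (st == LINE_TOO_LONG) {
            (*long_lines)++;
            fprintf(stderr, "spec line longer than %d bytes; increase MAX_STRING_LENGTH\n",
                    MAX_STRING_LENGTH - 1);
            continue;
        }
        (*ok_lines)++;
    }
    fclose(fp);
    return 0;
}

int main(void)
{
    int ok = 0, too_long = 0;
    if (scan_spec_text(SAMPLE_SPEC, &ok, &too_long) != 0)
        return 1;
    printf("accepted %d line(s), rejected %d over-long line(s)\n", ok, too_long);
    return 0;
}
```

The peek after a newline-less fgets() distinguishes a line that exactly filled the buffer from one that overflowed it, so a conservative check does not reject valid input at the boundary; draining the rest of a rejected line keeps the reader's line numbering in step with the file.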