#9 nvram-wakeup crashes on Ubuntu 9.04 (Jaunty)

closed-fixed
nobody
None
5
2009-05-17
2009-04-28
Andy
No

I was using nvram-wakeup successfully on Ubuntu 8.10 (Hardy.) I've upgraded to 9.04 Jaunty and nvram-wakeup crashes.

Commenting out the call to xxd in main fixes the issue, so it appears there is a problem with this routine.

Discussion

  • Kees Cook
    Kees Cook
    2009-05-17

    This patch fixes the problem...

    Description: fix the 1-byte buffer overflow in xxd()
    Author: Kees Cook <kees@ubuntu.com>
    Ubuntu: https://bugs.edge.launchpad.net/bugs/370261
    Upstream: https://sourceforge.net/tracker/?func=detail&aid=2782757&group_id=35022&atid=412755

    --- nvram-wakeup-0.99b.orig/tools.c
    +++ nvram-wakeup-0.99b/tools.c
    @@ -30,6 +30,7 @@
    #include <errno.h>
    #include <string.h>
    #include <ctype.h>
    +#include <assert.h>

    #include "nvram-wakeup.h"

    @@ -163,7 +164,7 @@

    void xxd(unsigned char * bytes, int size, int loglevel) {
    int i,pos;
    - char out_line[49];
    + char out_line[50];

    for (i=0;i<=((size-1) / 16);i++) {
    sprintf(out_line, "%06X0: %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X %02X%02X\n", i,
    @@ -173,6 +174,7 @@
    bytes[16*i+12], bytes[16*i+13], bytes[16*i+14], bytes[16*i+15] );
    if (size < (i+1)*16 ) {
    pos = ((size&0xF)>>1)*5 + (size&1)*3 + 8;
    + assert(pos+1 < 50);
    out_line[pos]='\n';
    out_line[pos+1]=0;
    }

     
  • Tobias Grimm
    Tobias Grimm
    2009-05-17

    Thanks! Kees Cook kindly provided a patch for this. It will be fixed in the next release.

     
  • Tobias Grimm
    Tobias Grimm
    2009-05-17

    • status: open --> closed-fixed