A memory leak in bzip2recover

taolaw
2019-06-01
2020-06-26
  • taolaw

    taolaw - 2019-06-01

    A memory leak in line 430 of bzip2recover.c

    In the bsOpenReadStream function, the memory pointer is obtained by malloc and finally assigned to bsIn, but since the memory pointer is never freed, a memory leak is eventually caused.
    When reading some special bz2 files, it will cause the program to crash, as follows
    An attacker can cause a denial of service on a target service by uploading or sending a specially constructed bz2 file.

    Attached is the sample file.

    In addition, I found that there are many dangerous functions in the code, like strcpy and strcat. I have not found any problems with them, but I think this is not good code, such as line 349:

    strcpy ( inFileName, argv[1] );
    

    Although there is length verification above, when I try to input very long parameters, the program is completely unresponsive. I hope you can adopt this suggestion, thank you!
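
The leak pattern described in the report above, as an added example that is not part of the original post or of bzip2recover.c: a heap-allocated stream handle is lost on an error return, shown next to a version that frees it on every path. The names `bs_open_read`, `bs_release`, `scan_leaky`, `scan_fixed`, the `live_streams` counter and the end-of-file trigger are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical stand-in for the handle that bsOpenReadStream allocates. */
typedef struct { FILE *handle; } BitStream;

static int live_streams = 0;          /* handles allocated and not yet freed */
static BitStream *last_open = NULL;   /* lets a caller reclaim a dropped handle */
static BitStream *bs_open_read(FILE *f) {
    BitStream *bs = malloc(sizeof *bs);
    if (bs == NULL) return NULL;
    bs->handle = f;
    live_streams++;
    return last_open = bs;
}

static void bs_release(BitStream *bs) {
    if (bs == NULL) return;
    if (bs == last_open) last_open = NULL;
    free(bs);
    live_streams--;
}

/* Leaky shape: the error return drops the only local pointer to the handle. */
static int scan_leaky(FILE *f) {
    BitStream *bs = bs_open_read(f);
    if (bs == NULL) return -1;
    int c = fgetc(bs->handle);
    if (c == EOF) return -1;          /* bs is never freed on this path */
    bs_release(bs);
    return c;
}

/* Hardened shape: every path after a successful open reaches bs_release. */
static int scan_fixed(FILE *f) {
    BitStream *bs = bs_open_read(f);
    if (bs == NULL) return -1;
    int c = fgetc(bs->handle);
    bs_release(bs);
    return c == EOF ? -1 : c;
}

int main(void) {
    FILE *empty = tmpfile();          /* constructed input: zero bytes */
    if (empty == NULL) return 1;
    scan_fixed(empty); printf("fixed: %d live handle(s)\n", live_streams);
    scan_leaky(empty); printf("leaky: %d live handle(s)\n", live_streams);
    bs_release(last_open);            /* reclaim what scan_leaky dropped */
    fclose(empty);
    return 0;
}
```

In a long-running service that parses many inputs, each malformed file that takes the leaky path leaves one more allocation behind, which is how a small per-call leak grows into resource exhaustion.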

     
  • Sam Tansy

    Sam Tansy - 2020-04-28

    You'd better report it on bzip2 bugzilla as bzip2 moved definitely to sourceware.

     
  • Sam Tansy

    Sam Tansy - 2020-06-26

    It seems to be fixed already in v1.0.8.

     

    Last edit: Sam Tansy 2020-06-29
