nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Bug #1641592 reported by Antti Tönkyrä
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
nano (Ubuntu) | Fix Released | High | Unassigned |
Xenial | Fix Released | High | Brian Murray |
Bug Description
# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
# apt-cache policy nano
nano:
Installed: 2.5.3-2
Candidate: 2.5.3-2
Reproducer:
1. # nano -G 999999999999999
2. <ctrl-z>
3. # nano -G 999999999999999
4. <answer y/n to the lockfile question>
5. <nano should segfault>
Quick dissection:
Looking at function do_lockfile in files.c, it seems that promptstr is statically allocated to 128 characters. Now with a sufficiently long filename, the following sprintf() call will overflow the allocated promptstr buffer and corrupt memory.
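The overflow pattern described above, next to two bounded alternatives, as an added example (this is not nano's code and not the upstream fix). The prompt wording, function names and sample values are assumptions made for illustration; only the 128-byte buffer size comes from the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROMPT_SIZE 128   /* fixed promptstr size named in the report */
/* Hypothetical prompt wording; nano's actual message differs. */
#define PROMPT_FMT "File %s is being edited (by %s with %s, PID %d); continue?"

/* Pattern from the report, for comparison only (never called): no bound. */
void prompt_unsafe(char *out, const char *file, const char *user,
                   const char *prog, int pid)
{
    sprintf(out, PROMPT_FMT, file, user, prog, pid);
}

/* Bytes the full prompt needs, including the terminating NUL (0 on error). */
size_t prompt_needed(const char *file, const char *user, const char *prog, int pid)
{
    int n = snprintf(NULL, 0, PROMPT_FMT, file, user, prog, pid);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Option 1: keep the fixed buffer, bound the write, report truncation. */
int prompt_bounded(char out[PROMPT_SIZE], const char *file, const char *user,
                   const char *prog, int pid)
{
    int n = snprintf(out, PROMPT_SIZE, PROMPT_FMT, file, user, prog, pid);
    return n < 0 || n >= PROMPT_SIZE;   /* 1 = prompt was cut short */
}

/* Option 2: size the buffer from the inputs. Caller frees the result. */
char *prompt_alloc(const char *file, const char *user, const char *prog, int pid)
{
    size_t need = prompt_needed(file, user, prog, pid);
    char *buf = need ? malloc(need) : NULL;
    if (buf != NULL)
        snprintf(buf, need, PROMPT_FMT, file, user, prog, pid);
    return buf;
}

int main(void)
{
    char name[301], fixed[PROMPT_SIZE];
    memset(name, '9', 300); name[300] = '\0';   /* constructed long file name */
    printf("needed=%zu truncated=%d\n", prompt_needed(name, "root", "nano", 1234),
           prompt_bounded(fixed, name, "root", "nano", 1234));
    return 0;
}
```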
summary:
- nano 2.5.3-2 on Xenial crashes when trying to access a lockfile
+ nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Changed in nano (Ubuntu):
status: New → Triaged
importance: Undecided → High
Changed in nano (Ubuntu Xenial):
status: New → Triaged
importance: Undecided → High
Changed in nano (Ubuntu):
status: Triaged → Fix Released
This is a duplicate of upstream bug https://savannah.gnu.org/bugs/?47511.
The problem was fixed in git, commit fb9585e. See attached patch. The fix is in version 2.6.0 and higher.
Thanks for reporting.