X2Go Bug report logs - #777
nx-libs: incorrect usage of scanf

version graph

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Heinrich Schuchardt <xypron.glpk@gmx.de>

Date: Fri, 30 Jan 2015 19:40:01 UTC

Severity: normal

Found in version head

Done: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#777; Package nx-libs. (Fri, 30 Jan 2015 19:40:01 GMT) (full text, mbox, link).


Acknowledgement sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
New Bug report received and forwarded. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Fri, 30 Jan 2015 19:40:02 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: submit@bugs.x2go.org
Subject: nx-libs: incorrect usage of scanf
Date: Fri, 30 Jan 2015 20:35:53 +0100
package: nx-libs
version: head

In different parts of the nx-libs library you can find usages of scanf like

   /* check for MESA_GAMMA environment variable */
   gamma = _mesa_getenv("MESA_GAMMA");
   if (gamma) {
      v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
      sscanf( gamma, "%f %f %f", &v->RedGamma, &v->GreenGamma,
&v->BlueGamma );

According to cppcheck:

scanf without field width limits can crash with huge input data on libc
versions older than 2.13-25. Add a field width specifier to fix this
problem:
    %i => %3i


Best regards

Heinrich Schuchardt


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#777; Package nx-libs. (Sat, 31 Jan 2015 15:05:02 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Sat, 31 Jan 2015 15:05:03 GMT) (full text, mbox, link).


Message #10 received at 777@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>, 777@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf
Date: Sat, 31 Jan 2015 15:04:21 +0000
[Message part 1 (text/plain, inline)]
Hi Heinrich,

On  Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:

> package: nx-libs
> version: head
>
> In different parts of the nx-libs library you can find usages of scanf like
>
>    /* check for MESA_GAMMA environment variable */
>    gamma = _mesa_getenv("MESA_GAMMA");
>    if (gamma) {
>       v->RedGamma = v->GreenGamma = v->BlueGamma = 0.0;
>       sscanf( gamma, "%f %f %f", &v->RedGamma, &v->GreenGamma,
> &v->BlueGamma );
>
> According to cppcheck:
>
> scanf without field width limits can crash with huge input data on libc
> versions older than 2.13-25. Add a field width specifier to fix this
> problem:
>     %i => %3i

Any chance you could also provide a patch for this?

Mike

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#777; Package nx-libs. (Mon, 02 Feb 2015 20:45:02 GMT) (full text, mbox, link).


Acknowledgement sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Mon, 02 Feb 2015 20:45:02 GMT) (full text, mbox, link).


Message #15 received at 777@bugs.x2go.org (full text, mbox, reply):

From: Heinrich Schuchardt <xypron.glpk@gmx.de>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 777@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf
Date: Mon, 02 Feb 2015 21:39:50 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Squeeze reached end of life.
Package libc6 in wheezy is patched against the bug.
Package libc6 in jessie is not vulnerable as it uses a newer libc6
release.

So I think we should close this bug and concentrate on updating our
mesa code to the newest version instead of patching some old version.

Best regards

Heinrich

On 31.01.2015 16:04, Mike Gabriel wrote:
> Hi Heinrich,
> 
> On  Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
> 
>> package: nx-libs version: head
>> 
>> In different parts of the nx-libs library you can find usages of
>> scanf like
>> 
>> /* check for MESA_GAMMA environment variable */ gamma =
>> _mesa_getenv("MESA_GAMMA"); if (gamma) { v->RedGamma =
>> v->GreenGamma = v->BlueGamma = 0.0; sscanf( gamma, "%f %f %f",
>> &v->RedGamma, &v->GreenGamma, &v->BlueGamma );
>> 
>> According to cppcheck:
>> 
>> scanf without field width limits can crash with huge input data
>> on libc versions older than 2.13-25. Add a field width specifier
>> to fix this problem: %i => %3i
> 
> Any chance you could also provide a patch for this?
> 
> Mike
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUz+CVAAoJEMSB27wsBRrE4mUP/j3JjSvGQ6chMdlCaQd94Ar6
LIBJvEeS9ZiR/rgFFaXdqUMzZVzYs2bm4Vvp0LlY9iUVFbhCgKQimRhLVq26A1iT
5EtJOFRu51Fzrd1y6Nk00PBKCqbsWSJwI81TUKnckjaCo3QyobWyMqqI75eXjMSf
RSWIGWgtLznPMqvByoKEnndDQjrCBBeMPBF7sinBw5ZM994Ff9VobHv7vXUYwvrY
mXlIgiuVf/6ztFTnwCsDD1hRreOk4BBTgp4tPsVqwB/06l8OvnaeBfD35BOSJ8Ns
AKwbxeRSNFOS4UP01zAgAsTMblzabyKnzS57lGomYQp3RB8c3K9DyUnk6CVSlBlN
AI7fjnaQEW9qL4d8UBRsQlZ7b9vryavNtUY7UyPtVMuXXA0WaewZIGUUpI5odtvd
WAoe0DEY2i+dW3ByIuGC1mH7ujgSLZGuke1gGdODlaLiExDsmm5P6hmIv+xE9gNQ
RBk5pYSx3H75Hckm2yTxhNx/9NcwJbjHa1pwa8Lz6r63/Ssa6TQhxuGsFH2l49iZ
YYbLHEP1s0FKQWxtE1B3NOYLeOwiCP4l7+qJ/KUZnmGCep2L4xC88OP1WMPn4+t6
vfoGkAHr9x0Ii7eP7fFaBEpImlx6dWI9mtZcSRfKfq/OhjAQPMspv7rl149i+1Iu
8OfiW4rp02zs54r92ejJ
=2gk9
-----END PGP SIGNATURE-----


Information forwarded to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>:
Bug#777; Package nx-libs. (Fri, 15 May 2015 13:13:12 GMT) (full text, mbox, link).


Acknowledgement sent to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>. (Fri, 15 May 2015 13:13:12 GMT) (full text, mbox, link).


Message #20 received at 777@bugs.x2go.org (full text, mbox, reply):

From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
To: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: 777@bugs.x2go.org
Subject: Re: [X2Go-Dev] Bug#777: nx-libs: incorrect usage of scanf
Date: Fri, 15 May 2015 13:11:21 +0000
[Message part 1 (text/plain, inline)]
Control: close -1

Closing (and agreeing on this) by use request.

Mike

On  Mo 02 Feb 2015 21:39:50 CET, Heinrich Schuchardt wrote:

> Squeeze reached end of life.
> Package libc6 in wheezy is patched against the bug.
> Package libc6 in jessie is not vulnerable as it uses a newer libc6
> release.
>
> So I think we should close this bug and concentrate on updating our
> mesa code to the newest version instead of patching some old version.
>
> Best regards
>
> Heinrich
>
> On 31.01.2015 16:04, Mike Gabriel wrote:
>> Hi Heinrich,
>>
>> On  Fr 30 Jan 2015 20:35:53 CET, Heinrich Schuchardt wrote:
>>
>>> package: nx-libs version: head
>>>
>>> In different parts of the nx-libs library you can find usages of
>>> scanf like
>>>
>>> /* check for MESA_GAMMA environment variable */ gamma =
>>> _mesa_getenv("MESA_GAMMA"); if (gamma) { v->RedGamma =
>>> v->GreenGamma = v->BlueGamma = 0.0; sscanf( gamma, "%f %f %f",
>>> &v->RedGamma, &v->GreenGamma, &v->BlueGamma );
>>>
>>> According to cppcheck:
>>>
>>> scanf without field width limits can crash with huge input data
>>> on libc versions older than 2.13-25. Add a field width specifier
>>> to fix this problem: %i => %3i
>>
>> Any chance you could also provide a patch for this?
>>
>> Mike
>>


-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]

Marked Bug as done Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de> to 777-submit@bugs.x2go.org. (Fri, 15 May 2015 13:13:12 GMT) (full text, mbox, link).


Notification sent to Heinrich Schuchardt <xypron.glpk@gmx.de>:
Bug acknowledged by developer. (Fri, 15 May 2015 13:13:12 GMT) (full text, mbox, link).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.x2go.org> to internal_control@bugs.x2go.org. (Sat, 13 Jun 2015 05:24:01 GMT) (full text, mbox, link).


Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Sun Oct 20 18:57:24 2019; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.