From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)
Description of problem:
Last November a bug was found in iproute, CAN-2003-0856. Busybox has
taken the same code from iproute-2.4.7 libnetlink.c and adjusted its
error message functions. The code in busybox was never updated when
the libnetlink vulnerability was discovered. Therefore it might be
susceptable to the same kind of attack.
There is also 2 other programming bugs. One being a potential buffer
overflow in dos2unix.c.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Found during code review.
I will attach a patch to this bug report.
Created attachment 99913 [details]
Patch that addresses the problems.
Please apply and test.
Created attachment 100039 [details]
I re-reviewed the patch and found that the buffer overflow was not completely
handled. It needed to check for BUFSIZE-3. BUFSIZE-1 is the last addressable
byte, the loop increments the index by 2. That is why it needed to be
BUFSIZE-3. This revised patch has been accepted by the upstream author.
Upgrading to busybox-1.0.0.rc1 should fix this problem.
Will be in Rawhide tomorrow.