Hi!
When I am debugging my little program which used
libnewt,I found a possible buffer overflow in libnewt.
libnewt is widely used by configuration program in
redhat.Because there is no suid program use libnewt
in my redhat 6.2 environment,it seems this bug can't
be used to gain root.But if there is any suid program
use libnewt,it is dangerous.
The following is my patch for libnewt 0.5.33.
I have mailed the author of libnewt about a week ago,
but I have got no reply.
diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c
— newt-0.50.33/newt.c Wed Apr 4 03:33:10 2001
+++ newt-0.50.33-n/newt.c Tue Mar 19 21:41:24
2002
@@ -331,6 +331,8 @@
}
*chptr++ = key;
if(chptr-buf>8)
break;
/* this search should use bsearch(), but when
we only look through
a list of 20 (or so) keymappings, it's probably
faster just to