securityvulns, SECURITYVULNS:DOC:2695
Mar 29, 2002 - 12:00 a.m.

A possible buffer overflow in libnewt

vulners.com

Hi!

When I was debugging my little program, which uses libnewt, I found a possible buffer overflow in libnewt. libnewt is widely used by configuration programs in Red Hat. Because there is no suid program that uses libnewt in my Red Hat 6.2 environment, it seems this bug can't be used to gain root. But if there is any suid program that uses libnewt, it is dangerous.

The following is my patch for libnewt 0.5.33. I mailed the author of libnewt about a week ago, but I have had no reply.

diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c

— newt-0.50.33/newt.c Wed Apr 4 03:33:10 2001

+++ newt-0.50.33-n/newt.c Tue Mar 19 21:41:24

2002

@@ -331,6 +331,8 @@

    }



    *chptr++ = key;
  •   if(chptr-buf>8)
    
  •           break;
    
    
    
      /* this search should use bsearch(), but when 
    

we only look through

       a list of 20 (or so) keymappings, it's probably 

faster just to
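
Review bot: the added test `if(chptr-buf>8)` in the hunk at -331 runs after the store `*chptr++ = key;`, so up to nine bytes are written before the loop breaks, and that is safe only if buf holds at least nine bytes plus anything appended after the loop; the hunk shows neither the declaration of buf nor the code that follows. Suggest checking before the store and deriving the limit from the buffer rather than the literal 8, for example `if (chptr - buf >= (int)sizeof(buf)) break;` placed ahead of `*chptr++ = key;` (assuming buf is an array in scope here, and leaving room for a terminator if one is written later). A short comment stating why the limit is what it is, and what happens to a key sequence that is cut off by the `break`, would make the fix reviewable without reading the rest of the function.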