A possible buffer overflow in libnewt

Type securityvulns
Reporter Securityvulns
Modified 2002-03-29T00:00:00



When I was debugging my little program which used libnewt, I found a possible buffer overflow in libnewt. libnewt is widely used by configuration programs in Red Hat. Because there is no suid program that uses libnewt in my Red Hat 6.2 environment, it seems this bug can't be used to gain root. But if there is any suid program that uses libnewt, it is dangerous.

The following is my patch for libnewt 0.5.33.

I mailed the author of libnewt about a week ago, but I have got no reply.

diff -ur newt-0.50.33/newt.c newt-0.50.33-n/newt.c

--- newt-0.50.33/newt.c Wed Apr 4 03:33:10 2001

+++ newt-0.50.33-n/newt.c Tue Mar 19 21:41:24


@@ -331,6 +331,8 @@


    *chptr++ = key;
  • if(chptr-buf>8)

  • break;

    /* this search should use bsearch(), but when

we only look through

       a list of 20 (or so) keymappings, it's probably

faster just to
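
Review bot: the added bound test `if(chptr-buf>8)` sits after `*chptr++ = key;`, so each byte is stored before the length is checked, and because the comparison is `>` rather than `>=`, the loop can store nine bytes (if `chptr` starts at `buf`) before it breaks. The declaration of `buf` is not in the visible context, so the patch should either show that `buf` has room for that many bytes plus any terminator written later, or move the test ahead of the store and derive the limit from `sizeof(buf)` instead of the literal 8. A one-line comment saying where the limit comes from would also help the next reader of this loop.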