Ubuntu
lrzsz package

buffer overflow bug?

Asked by Felipe Gasper on 2017-09-27

There’s a buffer overflow bug in lrzsz’s zsdata() function: if the length of the data to be sent is 0, then we spit out roughly 55,000 bytes.

There’s a patch here: https://github.com/gooselinux/lrzsz/blob/master/lrzsz-0.12.20.patch

Where is the canonical repo for lrzsz now? Uwe Ohse doesn’t seem to maintain it actively anymore.

Question information

Language:: English Edit question

Status:: Answered

For:: Ubuntu lrzsz Edit question

Assignee:: No assignee Edit question

Last query:: 2017-09-27

Last reply:: 2017-09-27

Revision history for this message

actionparsnip (andrew-woodhead666) said on 2017-09-27:

#1

I suggest you report a bug. You can add the patch as a solution.

Revision history for this message

Felipe Gasper (felipegasper) said on 2017-09-27:

#2

@actionparsnip OK. I was hoping to fix it upstream so it might propagate to other platforms, but every little bit helps.

Can you help with this problem?

Provide an answer of your own, or ask Felipe Gasper for more information if necessary.

To post a message you must log in.

Ask a question

Edit question

Subscribers