buffer overflow bug?

Asked by Felipe Gasper on 2017-09-27

There’s a buffer overflow bug in lrzsz’s zsdata() function: if the length of the data to be sent is 0, then we spit out roughly 55,000 bytes.

There’s a patch here: https://github.com/gooselinux/lrzsz/blob/master/lrzsz-0.12.20.patch

Where is the canonical repo for lrzsz now? Uwe Ohse doesn’t seem to maintain it actively anymore.

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu lrzsz Edit question
Assignee:
No assignee Edit question
Last query:
2017-09-27
Last reply:
2017-09-27

I suggest you report a bug. You can add the patch as a solution.

Felipe Gasper (felipegasper) said : #2

@actionparsnip OK. I was hoping to fix it upstream so it might propagate to other platforms, but every little bit helps.

Can you help with this problem?

Provide an answer of your own, or ask Felipe Gasper for more information if necessary.

To post a message you must log in.