group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1641592] Re: nano 2.5.3-2 on Xenial crashes with long paths on lockfiles

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1641592@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Feb 2017 20:36:29 -0000
Reply-to: Bug 1641592 <1641592@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package nano - 2.5.3-2ubuntu2

---------------
nano (2.5.3-2ubuntu2) xenial-proposed; urgency=medium

  * Apply upstream patch to allocate enough space for the prompt when finding
    a lock file. (LP: #1641592)

 -- Brian Murray <brian@xxxxxxxxxx>  Tue, 14 Feb 2017 15:10:03 -0800

** Changed in: nano (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1641592

Title:
  nano 2.5.3-2 on Xenial crashes with long paths on lockfiles

Status in nano package in Ubuntu:
  Fix Released
Status in nano source package in Xenial:
  Fix Released

Bug description:
  # lsb_release -rd
  Description:    Ubuntu 16.04.1 LTS
  Release:        16.04
  # apt-cache policy nano
  nano:
    Installed: 2.5.3-2
    Candidate: 2.5.3-2

  Reproducer:
  1. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
  2. <ctrl-z>
  3. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
  4. <answer y/n to the lockfile question>
  5. <nano should segfault>

  Quick dissection:
  Looking at function do_lockfile in files.c, it seems that promptstr is statically allocated to 128 characters. Now with a sufficiently long filename, the following sprintf() call will overflow the allocated promptstr buffer and corrupt memory.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1641592/+subscriptions