
Fix buffer overflow in M_LoadDefaults

Open AXDOOMER opened this issue 4 years ago • 6 comments

If fscanf doesn't limit the number of characters to be read, it can lead to a buffer overflow which allows for arbitrary code execution.

CVE-2020-15007: https://nvd.nist.gov/vuln/detail/CVE-2020-15007

AXDOOMER, Jun 26 '20 03:06
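The point in the report is the missing field width: `%s` and `%[^\n]` in a scanf-family call store as many bytes as the file supplies, so the file, not the program, decides how far past the destination buffer the write goes. The following C program is an added example, not code from prboom3ds or from the issue author; it parses `key value` configuration lines in the style of a defaults loader, but the buffer sizes (80 and 100), the key name `default_file` and the sample lines are assumptions made for illustration. The unbounded form is only measured, never executed, so the program runs without undefined behaviour; the hardened form uses widths one less than the buffer size and `%n` so that over-long fields are rejected rather than silently truncated.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes assumed for this example (hypothetical, not taken from the port). */
#define DEF_LEN   80
#define PARM_LEN 100

/* The widths written into the format below must stay one less than the
 * buffers so the terminating NUL always fits. Fail the build if they drift. */
_Static_assert(DEF_LEN == 80 && PARM_LEN == 100, "update the %79s / %99[^\\n] widths");

/*
 * What the unsafe form would do: "%s" and "%[^\n]" carry no width, so the
 * number of bytes stored is chosen by whoever wrote the file. This function
 * only measures how many bytes such a conversion would store for the value
 * field (including the NUL); it never performs the unbounded write itself.
 */
size_t unbounded_value_bytes(const char *line)
{
    const char *p = line;
    const char *v;
    while (*p == ' ' || *p == '\t') p++;                         /* %s skips blanks  */
    while (*p && *p != ' ' && *p != '\t' && *p != '\n') p++;     /* the key          */
    while (*p == ' ' || *p == '\t') p++;                         /* blanks between   */
    v = p;
    while (*p && *p != '\n') p++;                                /* %[^\n]: the rest */
    return (size_t)(p - v) + 1;
}

/*
 * Hardened parse of one "key value" line. Every conversion carries a width,
 * and %n records where each field stopped so that input longer than the
 * width is detected instead of being truncated (or, without the width,
 * written past the end of the buffer).
 * Returns 1 on success, 0 if the line holds no key/value pair, -1 if either
 * field was too long for its buffer.
 */
int parse_default_line(const char *line, char def[DEF_LEN], char strparm[PARM_LEN])
{
    int key_end = -1, end = -1;
    def[0] = '\0';
    strparm[0] = '\0';
    if (sscanf(line, "%79s%n %99[^\n]%n", def, &key_end, strparm, &end) != 2)
        return 0;
    /* A key that used all 79 columns and is followed by more non-blank text was cut off. */
    if (line[key_end] != ' ' && line[key_end] != '\t' && line[key_end] != '\n')
        return -1;
    /* The value must have reached end of line; otherwise %99[^\n] stopped early. */
    if (line[end] != '\0' && line[end] != '\n')
        return -1;
    return 1;
}

/* Constructed input: "default_file " followed by value_len 'A's and a newline.
 * Returns 0 if the caller's buffer is too small for the requested line. */
int make_oversized_line(char *buf, size_t buflen, size_t value_len)
{
    const char *key = "default_file ";
    size_t klen = strlen(key);
    if (klen + value_len + 2 > buflen)          /* text + '\n' + NUL */
        return 0;
    memcpy(buf, key, klen);
    memset(buf + klen, 'A', value_len);
    buf[klen + value_len] = '\n';
    buf[klen + value_len + 1] = '\0';
    return 1;
}

int main(void)
{
    char def[DEF_LEN], strparm[PARM_LEN], line[512];

    printf("normal line -> %d (%s = %s)\n",
           parse_default_line("default_skill 3\n", def, strparm), def, strparm);

    make_oversized_line(line, sizeof line, 300);
    printf("300-byte value -> bounded parse returns %d; an unbounded %%[^\\n] would store "
           "%zu bytes into a %d-byte buffer\n",
           parse_default_line(line, def, strparm), unbounded_value_bytes(line), PARM_LEN);
    return 0;
}
```

Returning -1 on an over-long field (rather than keeping the truncated value) is the conservative choice for a config loader: a silently shortened path or key name is still a wrong value, and the caller can fall back to the built-in default instead.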

Will this be merged?

allanvobraun, Sep 25 '20 17:09

This seems like a non-issue to me. Is this causing an actual problem? Considering this port is for a device that you have to hack in order to run this - maybe not that big of a concern?


elhobbs, Sep 25 '20 23:09

Why would you not want to fix a bug that can lead to a crash?

AXDOOMER, Sep 27 '20 17:09

I am less concerned about issues where it could crash and more concerned about the issues where it does crash - there are a lot of those.


elhobbs, Sep 28 '20 02:09

Seems like pretty bad reasoning, since you could press the merge button and you'd instantly have one less bug in your codebase.

AXDOOMER, Sep 29 '20 22:09

You are not wrong. I likely will merge the change. I am not really in a rush to do this as it will provide no actual benefit. Mostly I just found the issue and the link to the CVE to be a little ironic given the homebrew context.

The thought of someone going to the effort of creating a malformed file to inject code into a 3ds port of prboom makes me smile a little. And as I said earlier there are a ton of ways to make this crash already - making manual edits to these files when you don’t know what you are doing ... not really a big concern for me.

Keep in mind the source is all on git. Feel free to create your own fork and add actual features. I don’t really do much with this port at this point. And there is certainly a lot of room for improvement.


elhobbs, Sep 30 '20 11:09