Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1216122452.9537.6.camel@iankko.englab.brq.redhat.com>
Date: Tue, 15 Jul 2008 13:47:32 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE id request: byacc

Hello,

  there is already for a long time known 
possible out of allocated stack bounds access in yacc.

Description of problem:
=======================

Otto Moerbeck has reported the following potential out of bounds of the
allocated stack access in the yacc binary:

Fix an venerable bug: if we're reducing a rule that has an empty
right hand side and the yacc stackpointer is pointing at the very
end of the allocated stack, we end up accessing the stack out of
bounds by the implicit $$ = $1 action.  Detected by my new malloc,
experienced by sturm@ on sparc64; ok deraadt@

Public mention of this issue:
=============================

http://marc.info/?l=openbsd-cvs&m=121553004431393&w=2

Proposed OpenBSD patch:
=======================

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/yacc/skeleton.c.diff?r1=1.28&r2=1.29

Steve, could you please allocate a CVE identifier,
we could use for future references to this one?

Thank you in advance!

Kind regards
Jan iankko Lieskovsky
RH Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.