links: CVE-2017-11114

Related Vulnerabilities: CVE-2017-11114  

Debian Bug report logs - #870299
links: CVE-2017-11114


Package: src:links2; Maintainer for src:links2 is Axel Beckert <abe@debian.org>;

Reported by: László Böszörményi (GCS) <gcs@debian.org>

Date: Mon, 31 Jul 2017 18:42:01 UTC

Severity: grave

Tags: patch, security, upstream

Found in version links2/2.14-2

Fixed in version links2/2.14-3

Done: Axel Beckert <abe@debian.org>

Forwarded to Mikulas Patocka <mikulas@twibright.com>



Report forwarded to debian-bugs-dist@lists.debian.org, Axel Beckert <abe@debian.org>:
Bug#870299; Package src:links2. (Mon, 31 Jul 2017 18:42:04 GMT)


Acknowledgement sent to László Böszörményi (GCS) <gcs@debian.org>:
New Bug report received and forwarded. Copy sent to Axel Beckert <abe@debian.org>. (Mon, 31 Jul 2017 18:42:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: László Böszörményi (GCS) <gcs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: links: CVE-2017-11114
Date: Mon, 31 Jul 2017 20:39:38 +0200
Source: links2
Version: 2.14-2
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for links.

CVE-2017-11114[0]:
The put_chars function in html_r.c in Links 2.14 can cause a denial of
service (buffer over-read) via a crafted html file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11114
[1] http://seclists.org/fulldisclosure/2017/Jul/76

Regards,
Laszlo/GCS



Reply sent to Axel Beckert <abe@debian.org>:
You have marked Bug as forwarded. (Mon, 31 Jul 2017 18:51:04 GMT)


Message #8 received at 870299-forwarded@bugs.debian.org:

From: Axel Beckert <abe@debian.org>
To: Mikulas Patocka <mikulas@twibright.com>
Cc: 870299-forwarded@bugs.debian.org, 870299-submitter@bugs.debian.org
Subject: Fwd: Bug#870299: links: CVE-2017-11114 [origin: gcs@debian.org]
Date: Mon, 31 Jul 2017 20:48:59 +0200
Hi Mikulas,

not sure if you received that bug report already, too.

		Regards, Axel
-- 
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Message sent on to László Böszörményi (GCS) <gcs@debian.org>:
Bug#870299. (Mon, 31 Jul 2017 18:51:06 GMT)


Message #12 received at 870299-forwarded@bugs.debian.org:

From: Mikulas Patocka <mikulas@twibright.com>
To: Axel Beckert <abe@debian.org>
Cc: 870299-forwarded@bugs.debian.org, 870299-submitter@bugs.debian.org
Subject: Re: Fwd: Bug#870299: links: CVE-2017-11114 [origin: gcs@debian.org]
Date: Sun, 6 Aug 2017 01:37:25 +0200 (CEST)
On Mon, 31 Jul 2017, Axel Beckert wrote:

> Hi Mikulas,
> 
> not sure if you received that bug report already, too.
> 
> 		Regards, Axel

Hi

Here I send a patch for this bug.

Mikulas



commit fee5dca79a93a37024e494b985386a5fe60bc1b7
Author: Mikulas Patocka <mikulas@twibright.com>
Date:   Wed Aug 2 20:13:29 2017 +0200

    Fix read out of memory in case of corrupted UTF-8 data

---
 charsets.c |   37 +------------------------------------
 links.h    |    9 ++++-----
 2 files changed, 5 insertions(+), 41 deletions(-)

Index: links-2.14/charsets.c
===================================================================
--- links-2.14.orig/charsets.c
+++ links-2.14/charsets.c
@@ -215,41 +215,6 @@ static struct conv_table *get_translatio
 	return utf_table;
 }
 
-unsigned short int utf8_2_uni_table[0x200] = {
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 128,	0, 0, 0, 192,	0,
-	0, 0, 256,	0, 0, 0, 320,	0, 0, 0, 384,	0, 0, 0, 448,	0,
-	0, 0, 512,	0, 0, 0, 576,	0, 0, 0, 640,	0, 0, 0, 704,	0,
-	0, 0, 768,	0, 0, 0, 832,	0, 0, 0, 896,	0, 0, 0, 960,	0,
-	0, 0, 1024,	0, 0, 0, 1088,	0, 0, 0, 1152,	0, 0, 0, 1216,	0,
-	0, 0, 1280,	0, 0, 0, 1344,	0, 0, 0, 1408,	0, 0, 0, 1472,	0,
-	0, 0, 1536,	0, 0, 0, 1600,	0, 0, 0, 1664,	0, 0, 0, 1728,	0,
-	0, 0, 1792,	0, 0, 0, 1856,	0, 0, 0, 1920,	0, 0, 0, 1984,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-	0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0, 0, 0, 0,	0,
-};
-
 unsigned char utf_8_1[256] = {
 	6, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
 	7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
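
Review bot: The commit message ("Fix read out of memory in case of corrupted UTF-8 data") does not say which byte sequence made the old lookup go wrong, and this hunk deletes utf8_2_uni_table outright rather than changing an index or a bound. Please name the malformed input and the read it caused in the message, so that backporters can check the fix against the CVE. The table was a non-static global, so also confirm that nothing besides GET_UTF_8 in links.h still references it; the patch only removes that one extern declaration.
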
@@ -269,7 +234,7 @@ unsigned char utf_8_1[256] = {
 	3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 1, 1, 6, 6,
 };
 
-static_const unsigned min_utf_8[9] = {
+static_const unsigned min_utf_8[8] = {
 	0, 0x4000000, 0x200000, 0x10000, 0x800, 0x80, 0x100, 0x1,
 };
 
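
Review bot: Shrinking min_utf_8 from [9] to [8] removes the implicit zero element at index 8, so any lookup with index 8 now reads past the array instead of returning 0. The rows of utf_8_1 visible in the context lines of this patch hold values no larger than 7; if utf_8_1 is the only source of the index, say so in a comment next to min_utf_8 so the two tables stay in step, and check the rows not shown here for anything above 7.
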
Index: links-2.14/links.h
===================================================================
--- links-2.14.orig/links.h
+++ links-2.14/links.h
@@ -3906,15 +3906,14 @@ unsigned char *cp_strchr(int charset, un
 void init_charset(void);
 
 unsigned get_utf_8(unsigned char **p);
-extern unsigned short int utf8_2_uni_table[0x200];
 #define GET_UTF_8(s, c)							\
 do {									\
 	if ((unsigned char)(s)[0] < 0x80)				\
 		(c) = (s)++[0];						\
-	else if (((c) = utf8_2_uni_table[((unsigned char)(s)[0] << 2) +	\
-				((unsigned char)(s)[1] >> 6) - 0x200]))	\
-		(c) += (unsigned char)(s)[1] & 0x3f, (s) += 2;		\
-	else								\
+	else if ((unsigned char)(s)[0] >= 0xc2 && (unsigned char)(s)[0] < 0xe0 &&\
+	         ((unsigned char)(s)[1] & 0xc0) == 0x80) {		\
+		(c) = (unsigned char)(s)[0] * 0x40 + (unsigned char)(s)[1], (c) -= 0x3080, (s) += 2;\
+	} else								\
 		(c) = get_utf_8(&(s));					\
 } while (0)
 #define FWD_UTF_8(s)							\
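
Review bot: The new two-byte branch still reads (s)[1] with no length check, after testing only that (s)[0] is in 0xc2..0xdf. GET_UTF_8(s, c) takes no end pointer, so this is safe only when every caller passes a buffer with at least one readable byte after a lead byte (for example a NUL-terminated string); if put_chars can be handed a length-delimited buffer that ends in a lead byte, an over-read remains. Please document that precondition above the macro or add a bounded variant. Two smaller points: get_utf_8(), which now receives every sequence the fast path rejects, is not touched by this patch, and the constant in `(c) -= 0x3080` (0xc0 * 0x40 + 0x80) deserves a comment.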



Message sent on to László Böszörményi (GCS) <gcs@debian.org>:
Bug#870299. (Sun, 06 Aug 2017 00:18:04 GMT)


Added tag(s) patch. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 06 Aug 2017 03:45:02 GMT)


Added tag(s) pending. Request was from Axel Beckert <abe@debian.org> to control@bugs.debian.org. (Sun, 06 Aug 2017 14:18:02 GMT)


Reply sent to Axel Beckert <abe@debian.org>:
You have taken responsibility. (Sun, 06 Aug 2017 15:21:13 GMT)


Notification sent to László Böszörményi (GCS) <gcs@debian.org>:
Bug acknowledged by developer. (Sun, 06 Aug 2017 15:21:14 GMT)


Message #24 received at 870299-close@bugs.debian.org:

From: Axel Beckert <abe@debian.org>
To: 870299-close@bugs.debian.org
Subject: Bug#870299: fixed in links2 2.14-3
Date: Sun, 06 Aug 2017 15:19:49 +0000
Source: links2
Source-Version: 2.14-3

We believe that the bug you reported is fixed in the latest version of
links2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 870299@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <abe@debian.org> (supplier of updated links2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 06 Aug 2017 16:45:50 +0200
Source: links2
Binary: links2 links
Architecture: source amd64
Version: 2.14-3
Distribution: unstable
Urgency: medium
Maintainer: Axel Beckert <abe@debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Description:
 links      - Web browser running in text mode
 links2     - Web browser running in both graphics and text mode
Closes: 861335 870299
Changes:
 links2 (2.14-3) unstable; urgency=medium
 .
   [ Helmut Grohne ]
   * Fix FTCBFS: Tell ancient configure about the correct CC. (Closes:
     #861335)
 .
   [ Mikulas Patocka ]
   * Fix read out of memory in case of corrupted UTF-8 data. (Closes:
     #870299, CVE-2017-11114)
 .
   [ Axel Beckert ]
   * Add lintian override for not misspelled French word "rouge".
   * Declare compliance with Debian Policy 4.0.1.
     + Switch debian copyright format declaration to HTTPS URL.
     + Replace full text of MPL 2.0 with pointer to
       /usr/share/common-licenses/MPL-2.0.






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:25:50 2019; Machine Name: buxtehude
