[Bug 1641592] Re: nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Chris J Arges
1641592 at bugs.launchpad.net
Wed Feb 15 14:32:43 UTC 2017
Hello Antti, or anyone else affected,
Accepted nano into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/nano/2.5.3-2ubuntu2 in
a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to
enable and use -proposed. Your feedback will aid us in getting this update
out to other Ubuntu users.
If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed. In either case, details of your testing will help
us make a better decision.
Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in
advance!
** Changed in: nano (Ubuntu Xenial)
Status: Triaged => Fix Committed
** Tags added: verification-needed
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nano in Ubuntu.
https://bugs.launchpad.net/bugs/1641592
Title:
nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
Status in nano package in Ubuntu:
Fix Released
Status in nano source package in Xenial:
Fix Committed
Bug description:
# lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04
# apt-cache policy nano
nano:
Installed: 2.5.3-2
Candidate: 2.5.3-2
Reproducer:
1. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
2. <ctrl-z>
3. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
4. <answer y/n to the lockfile question>
5. <nano should segfault>
Quick dissection:
Looking at function do_lockfile in files.c, it seems that promptstr is statically allocated to 128 characters. Now with a sufficiently long filename, the following sprintf() call will overflow the allocated promptstr buffer and corrupt memory.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nano/+bug/1641592/+subscriptions
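The overflow pattern named in the quick dissection, next to a length-checked form, as an added example that is neither nano's code nor part of the original report. The 128-byte size comes from the report; the prompt text, the function names and the sample file name are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROMPT_MAX 128  /* fixed size the report attributes to promptstr */
/* Constructed stand-in for the lockfile question; not nano's real string. */
#define LOCK_FMT "File %s is being edited (by %s, PID %d); continue?"

/* Pattern described in the report: unbounded sprintf() into a fixed
 * buffer. A long name writes past the end. Shown for comparison only;
 * nothing in this example calls it. */
void prompt_unbounded(char out[PROMPT_MAX], const char *name,
                      const char *user, int pid)
{
    sprintf(out, LOCK_FMT, name, user, pid);
}

/* Bytes the formatted prompt needs, including the terminating NUL. */
size_t prompt_size(const char *name, const char *user, int pid)
{
    int n = snprintf(NULL, 0, LOCK_FMT, name, user, pid);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* 1 if the unbounded variant would overflow for this input. */
int would_overflow(const char *name, const char *user, int pid)
{
    return prompt_size(name, user, pid) > PROMPT_MAX;
}

/* Hardened form: size the buffer from the actual arguments.
 * Returns a heap string the caller frees, or NULL on failure. */
char *prompt_alloc(const char *name, const char *user, int pid)
{
    size_t need = prompt_size(name, user, pid);
    char *buf = need ? malloc(need) : NULL;
    if (buf != NULL)
        snprintf(buf, need, LOCK_FMT, name, user, pid);
    return buf;
}

int main(void)
{
    char name[101];
    memset(name, '9', 100);  /* constructed long file name */
    name[100] = '\0';
    printf("need %zu bytes, fixed buffer holds %d, overflow=%d\n",
           prompt_size(name, "root", 1234), PROMPT_MAX,
           would_overflow(name, "root", 1234));
    return 0;
}
```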