
fcaseopen.c buffer overflow

Open · minerscale opened this issue 2 years ago · 1 comment

Hi!

Whilst trying to open a file case-insensitively I came across a codebase that seemed to do the job. But clang's address sanitizer was having none of it! It turns out that there is an off by one error in the buffer size allocation of fcaseopen causing a null terminator to be strcpy'd into unmanaged memory. I reported the problem to the original project but I decided I'd also let everyone I could find who still had the vulnerability floating around copies of it know as well.

You can find more information about it here: https://github.com/OneSadCookie/fcaseopen/issues/2

Thanks, Aaron.

minerscale · Dec 29 '23 17:12
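The defect class the report describes, shown as an added illustration (this is not fcaseopen's or twin-e's code, and the function names and the sample path are constructed for the example): a heap buffer sized with `strlen()` alone has no room for the terminating NUL, so `strcpy` writes one byte past the allocation. The example keeps the buggy pattern visible but never executes it; the hardened copy sizes the buffer with a helper that includes the terminator, and a small guard reports whether a given allocation would fit before any copy happens. AddressSanitizer reports the buggy version as a heap-buffer-overflow, which is how the original issue was found.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes a C string needs in a heap buffer: its characters plus the NUL.
 * Dropping the "+ 1" is exactly the off-by-one the issue describes. */
size_t bytes_needed(const char *s) {
    return strlen(s) + 1;
}

/* Guard: does a buffer of `alloc` bytes hold `s` including its terminator?
 * Returns 1 if a strcpy into such a buffer is in bounds, 0 otherwise. */
int copy_fits(size_t alloc, const char *s) {
    return alloc >= bytes_needed(s);
}

/* Hypothetical buggy shape, NEVER called here: the allocation is one byte
 * short, and strcpy writes the NUL into memory the buffer does not own.
 * Under clang -fsanitize=address this is reported as heap-buffer-overflow. */
char *dup_path_off_by_one(const char *path) {
    char *out = malloc(strlen(path));     /* no room for the terminator */
    if (out != NULL) {
        strcpy(out, path);                /* writes strlen(path)+1 bytes */
    }
    return out;
}

/* Hardened copy: size the buffer with the terminator and copy exactly
 * that many bytes, so no write can land past the allocation. */
char *dup_path(const char *path) {
    size_t n = bytes_needed(path);
    char *out = malloc(n);
    if (out == NULL) {
        return NULL;
    }
    memcpy(out, path, n);                 /* includes the NUL, stays in bounds */
    return out;
}

/* Reports, without performing it, whether the strlen()-sized allocation
 * would overflow for this path. Always 1 for any string, which is the point. */
int off_by_one_would_overflow(const char *path) {
    size_t buggy_alloc = strlen(path);
    return !copy_fits(buggy_alloc, path);
}

int main(void) {
    const char *path = "Data/Sample.HQR";  /* constructed sample path */
    printf("path needs %zu bytes, strlen() gives %zu, overflow=%d\n",
           bytes_needed(path), strlen(path), off_by_one_would_overflow(path));
    char *copy = dup_path(path);
    if (copy != NULL) {
        printf("safe copy: %s\n", copy);
        free(copy);
    }
    return 0;
}
```

When auditing a code base for this pattern, grep for `malloc(strlen(` and `malloc(strlen(` followed by a `strcpy` or `sprintf` into the result; the fix is always the same, and building with `-fsanitize=address` in CI catches the cases the grep misses.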

Thanks for the details. If you want a more up to date version of this codebase have a look at the ScummVM implementation here: https://github.com/scummvm/scummvm/tree/master/engines/twine

xesf · Dec 29 '23 18:12