#993588 wily: Potential Buffer Overflow in libmsg/connect.c

Package:
wily
Source:
wily
Description:
work-alike of the Acme programming environment for Plan 9
Submitter:
"Potential Buffer Overflow vulnerability in xfig-3.2.7b"
Date:
2021-09-03 12:48:03 UTC
Severity:
normal
#993588#5
Date:
2021-09-03 12:45:45 UTC
From:
To:
Dear Maintainer,

It seems that there exists a potential Buffer Overflow in libmsg/connect.c.
In line 184, and 191,
(184) if(!(disp = getenv("DISPLAY"))) {
...
(191) sprintf(buf, "%s/wily%s%s", dir, pw->pw_name, disp);

the variable disp is a previously stored path by external source.
If the length of disp is large enough in sprintf, this may cause Buffer Overflow.