oss-sec mailing list archives

Re: CVE needed? / gnuchess 6.2.4 fixed user input buffer overflow


From: <cve-assign () mitre org>
Date: Mon, 14 Nov 2016 04:42:34 -0500


The reference for this bug is:

  http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134

may need some other application in front (e.g. a website
using gnuchess for a backend or some mobile/desktop application
forwarding evil input to gnuchess with improper validation) to attack.

Is it vulnerable without such an application if launched as
"gnuchess -u" (UCI mode)? For example, is it taking untrusted input of
4096 characters and sending it to the ValidateMove function that is
expecting 128?


  #define BUF_SIZE 4096

  #define MAXSTR 128


  if ( flags & UCI )
  ...
  NextEngineCmd();
  ...
  ReadFromEngine();


  static char engineinputbuf[BUF_SIZE]="";


  nread = read( pipefd_a2f[0], engineinputaux, BUF_SIZE );
  strcat( engineinputbuf, engineinputaux );


  char enginemovestr[BUF_SIZE]="";
  enginemove = ValidateMove( enginemovestr );

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
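The size mismatch the message asks about (a BUF_SIZE accumulator filled by an unchecked strcat, then handed to a consumer sized for MAXSTR) as an added C example. It is not gnuchess code and not from the message; the buffer sizes follow the excerpts, while bounded_len, append_engine_input and move_fits_maxstr are assumed names for the two checks a caller would put in front of the real functions.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 4096   /* engineinputbuf / enginemovestr size in the excerpt */
#define MAXSTR   128    /* size the ValidateMove consumer is said to expect */

/* Length of s, scanning at most max bytes (assumed helper). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Bounded stand-in for the unchecked strcat(engineinputbuf, engineinputaux):
 * appends the n-byte chunk only if it fits with a terminating NUL. Returns 0
 * on success, -1 where plain strcat would have overrun the accumulator. */
int append_engine_input(char *buf, size_t bufsz, const char *chunk, size_t n)
{
    size_t used = bounded_len(buf, bufsz);
    if (used >= bufsz || n >= bufsz - used)
        return -1;
    memcpy(buf + used, chunk, n);
    buf[used + n] = '\0';
    return 0;
}

/* Gate in front of a MAXSTR-sized consumer: 1 if the move string is shorter
 * than MAXSTR and may be passed on, 0 if it must be rejected. Skipping this
 * check is the 4096-into-128 mismatch the question above asks about. */
int move_fits_maxstr(const char *movestr)
{
    return bounded_len(movestr, MAXSTR) < MAXSTR;
}

int main(void)
{
    static char engineinputbuf[BUF_SIZE] = "";
    char oversized[BUF_SIZE];                 /* constructed: 4095 'a' bytes */
    memset(oversized, 'a', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("e2e4 fits MAXSTR: %d\n", move_fits_maxstr("e2e4"));
    printf("4095-byte move fits MAXSTR: %d\n", move_fits_maxstr(oversized));
    printf("append 5 bytes: %d\n", append_engine_input(engineinputbuf, BUF_SIZE, "e2e4\n", 5));
    printf("append 4095 more: %d\n", append_engine_input(engineinputbuf, BUF_SIZE, oversized, 4095));
    return 0;
}
```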

