agordon / fastx_toolkit

FASTA/FASTQ pre-processing programs

Buffer overflow caused by MAX_SEQ_LINE_LENGTH being longer than MAX_SEQUENCE_LENGTH. #17

Closed charles-plessy closed 7 years ago

charles-plessy commented 7 years ago

Hi Gordon and all,

In Computer Security, Privacy, and DNA Sequencing: Compromising Computers with Synthesized DNA, Privacy Leaks, and More (2017), Ney, Koscher, Organick, Ceze & Kohno, University of Washington, report a buffer overflow in FASTX-Toolkit, caused by the difference between MAX_SEQ_LINE_LENGTH (25000) and MAX_SEQUENCE_LENGTH (2000). Would it suffice to set MAX_SEQ_LINE_LENGTH to 2000 to solve the problem?

agordon commented 7 years ago

Hi.

Thanks for the heads-up. I've committed a change (which increases the size instead of reducing it) - but I have not tested it at all.

I consider fastx-toolkit to be unmaintained - and I have added a big README notice saying so.

regards, -gordon
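As an added illustration of the bug class discussed in this thread (example code written for this page, not code from fastx_toolkit): the constant names and values are the ones quoted in the first comment, kept deliberately mismatched; the record layout and the `store_sequence` function are assumptions. Rather than shrinking or growing a constant, it adds the runtime check that rejects any line longer than the sequence buffer, so a mismatch between the two constants cannot turn into an out-of-bounds write.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constant names as in the issue; the values are the ones quoted there
 * (25000 vs 2000), deliberately kept mismatched to show the check. */
#define MAX_SEQ_LINE_LENGTH 25000
#define MAX_SEQUENCE_LENGTH 2000

/* Assumed record layout: a fixed-size sequence buffer plus its length.
 * Copying a MAX_SEQ_LINE_LENGTH-sized line into seq[] without a length
 * check is the overflow pattern the issue reports. */
typedef struct {
    char seq[MAX_SEQUENCE_LENGTH + 1];   /* +1 for the terminating NUL */
    size_t len;
} seq_record_t;

/* Hardened copy: returns 0 and fills rec on success, -1 if the line
 * (trailing newline stripped) would not fit in rec->seq. The caller must
 * treat -1 as an oversized input, not as an empty record.
 * With matched constants, _Static_assert(MAX_SEQ_LINE_LENGTH <=
 * MAX_SEQUENCE_LENGTH, "...") would also catch a future mismatch at
 * compile time; it is omitted here because the values above differ. */
int store_sequence(seq_record_t *rec, const char *line) {
    size_t n = strlen(line);
    if (n > 0 && line[n - 1] == '\n') {
        n--;                             /* drop the fgets() newline */
    }
    if (n > MAX_SEQUENCE_LENGTH) {
        return -1;                       /* would overflow rec->seq */
    }
    memcpy(rec->seq, line, n);
    rec->seq[n] = '\0';
    rec->len = n;
    return 0;
}

int main(void) {
    /* Constructed input: a line buffer sized as a reader would size it. */
    char line[MAX_SEQ_LINE_LENGTH + 1];
    seq_record_t rec;
    memset(line, 'A', MAX_SEQ_LINE_LENGTH);
    line[MAX_SEQ_LINE_LENGTH] = '\0';
    if (store_sequence(&rec, line) != 0) {
        fprintf(stderr, "rejected oversized sequence line (%zu > %d)\n",
                strlen(line), MAX_SEQUENCE_LENGTH);
    }
    return 0;
}
```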