[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNU Sharutils buffer overflow vulnerability.

To: "Didier Arenzana" <darenzana@xxxxxxxx>, "Shaun Colley" <shaunige@xxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: GNU Sharutils buffer overflow vulnerability.
From: "Carlos Eduardo Pinheiro" <cbc99@xxxxxxxxxx>
Date: Wed, 7 Apr 2004 17:57:14 -0300

btw.. you´re still overwriting 1 byte after the bounds of output_base_name,
output_base_name[sizeof(output_base_name)-1] = '\0'; will be sane...

----- Original Message ----- 
From: "Didier Arenzana" <darenzana@xxxxxxxx>
To: "Shaun Colley" <shaunige@xxxxxxxxxxx>; <bugtraq@xxxxxxxxxxxxxxxxx>
Sent: Wednesday, April 07, 2004 5:03 AM
Subject: Re: GNU Sharutils buffer overflow vulnerability.


> --- Shaun Colley <shaunige@xxxxxxxxxxx> a écrit :
> > Product:      GNU Sharutils -
>
>   Hello,
>   I've juste read your advisory, and I'd like to advise your patch is
> incomplete:
>
> > [...]
> >        case 'o':
> > -       strcpy (output_base_name, optarg);
> > +       strncpy (output_base_name, optarg,
> > sizeof(output_base_name));
>
> You must add
>
>      output_base_name[sizeof(output_base_name)]='\0' ;
>
> here, otherwize your string will not be null-termminated when optarg is
too
> long.
>
> Regards,
> Didier.
>
>
>
>
>
>
>
> Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
> Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
>
> Dialoguez en direct avec vos amis grâce à Yahoo! Messenger !Téléchargez
Yahoo! Messenger sur http://fr.messenger.yahoo.com
>

References:
- Re: GNU Sharutils buffer overflow vulnerability.
  - From: Didier Arenzana

Prev by Date: Solaris vfs_getvfssw() local kernel exploit
Next by Date: [OpenPKG-SA-2004.010] OpenPKG Security Advisory (tcpdump)
Previous by thread: Re: GNU Sharutils buffer overflow vulnerability.
Next by thread: Re: GNU Sharutils buffer overflow vulnerability.
Index(es):
- Date
- Thread