Re: Buffer overflow in BASH

From: Chet Ramey (chetat_private)
Date: Mon Apr 19 1999 - 13:59:24 PDT

Next message: aleph1at_private: "Security Bulletins Digest"

Previous message: Taral: "Re: Plain text passwords--necessary"
Maybe in reply to: Wojciech Purczynski: "Buffer overflow in BASH"
Next in thread: Peter J. Holzer: "Re: Buffer overflow in BASH"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> BASH wrongly allocates memory for lines read from redirected
> standard input. If you use CMD << _EOF_WORD_ operator to
> redirect standard input BASH will read following lines from
> the command input (either tty or shell script) into
> dynamically allocated memory until it encounters _EOF_WORD_.
> The BASH allocates only 1000 bytes for first line regardless
> of line length. I looked at the source code and this is what I
> found in 'make_cmd.c':
>
> if (len + document_index >= document_size)
>   {
>     document_size = document_size ? 2 * (document_size + len)
>       : 1000;	/* XXX */
>     document = xrealloc (document, document_size);
>   }

This was fixed a long time ago, with bash-2.02.1 for sure, which was
released almost a year ago.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
( ``Discere est Dolere'' -- chet)

Chet Ramey, Case Western Reserve University	Internet: chetat_private

Next message: aleph1at_private: "Security Bulletins Digest"
Previous message: Taral: "Re: Plain text passwords--necessary"
Maybe in reply to: Wojciech Purczynski: "Buffer overflow in BASH"
Next in thread: Peter J. Holzer: "Re: Buffer overflow in BASH"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:09 PDT