Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

From: Vade 79 (v9at_private)
Date: Thu Aug 14 2003 - 12:05:19 PDT

Next message: noir: "Re: Buffer overflow prevention"

Previous message: sauron: "Re: Buffer overflow prevention"
Maybe in reply to: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <20030810011227.5888.qmailat_private> > ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number >*/.............lol > *strp = malloc(buflen); > > if (*strp) > { > va_list ap; > va_start(ap, fmt); > vsnprintf(*strp, buflen, fmt, ap);..................................lol >getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow...... how do you figure? it uses the same buflen value to limit the amount written to the buffer in the vsnprintf call as it was allocated(cept didn't add space for the null byte)? am i missing something?

Next message: noir: "Re: Buffer overflow prevention"
Previous message: sauron: "Re: Buffer overflow prevention"
Maybe in reply to: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 14 2003 - 18:19:28 PDT