On Wed, Apr 18, 2001 at 06:13:49PM +0200, Boris Gentleman Schauerte wrote:

> but I'm not sure if it is really an ovflow, I hadn't had enough time
> to test it in a debugger, but if I call "ping" under Linux (SuSE
> Linux 7.1) with more than 1020 (tested it with some other lengths)
> characters it seems to crash.
> I don't know if it is a mechanism to secure the program or a fault,
> or just a too long string without the possibility to insert
> shellcode.

Red Hat Linux 7.1:

% H=`perl -e 'print "A"x2000'`
% ping $H
nscd: 426: key length in request too long: 2001
ping: unknown host AAAAAAA...

% strace ping $H
...
connect(3, {sin_family=AF_UNIX, path=" /var/run/.nscd_socket"}, 110) = 0
write(3, "\2\0\0\0\4\0\0\0\321\7\0\0", 12nscd: 426: key length in request too long: 2001
) = 12
write(3, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"..., 2001) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
+++ killed by SIGPIPE +++

% uname -a; rpm -qf `which ping` ; rpm -q glibc nscd
Linux xxxxx.xxxxx.xxx.xxxx.cz 2.4.4-pre3 #1 Sat Apr 14 10:37:45 CEST 2001 i586 unknown
iputils-20001110-1
glibc-2.2.2-10
nscd-2.2.2-10

> If it is not an overflow or this one is well known, I'm sorry to have contacted
> this group with a fault information.

Have a nice day

-- 
Martin Mačok
underground.cz
openbsd.cz
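
An added triage example, not part of the original post or of ping/nscd: it replays the shape of the strace above on a socketpair to show that the process death is a SIGPIPE from writing to a peer that has hung up, not a memory fault. The names `key_len` and `client_fate` are hypothetical, and reading the 12 header bytes as three little-endian 32-bit words is an assumption.

```c
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* The 12 header bytes from the strace output, copied from the post. */
static const unsigned char HDR[12] = {2,0,0,0, 4,0,0,0, 0321,07,0,0};

/* Assumption: three little-endian 32-bit words, the third being the key
 * length (it matches the 2001 that nscd complains about). */
uint32_t key_len(const unsigned char *h)
{
    return h[8] | h[9] << 8 | (uint32_t)h[10] << 16 | (uint32_t)h[11] << 24;
}

/* Constructed stand-in for the exchange: the parent plays the daemon and
 * hangs up; the child plays the client and writes the key anyway. Returns
 * the signal that killed the child, 0 if it survived and saw EPIPE, else -1. */
int client_fate(int ignore_sigpipe)
{
    int sv[2], st;
    char key[2001], c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(sv[1]);
        signal(SIGPIPE, ignore_sigpipe ? SIG_IGN : SIG_DFL);
        memset(key, 'A', sizeof key);
        if (read(sv[0], &c, 1) != 0) _exit(1);   /* wait for the hang-up (EOF) */
        ssize_t n = write(sv[0], key, key_len(HDR));
        _exit(n < 0 && errno == EPIPE ? 0 : 1);
    }
    close(sv[0]);
    close(sv[1]);                                /* daemon side closes */
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st)) return WTERMSIG(st);    /* killed, as in the trace */
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

int main(void)
{
    printf("key_len=%u default=%d ignored=%d\n",
           (unsigned)key_len(HDR), client_fate(0), client_fate(1));
    return 0;
}
```

A SIGSEGV or SIGBUS in the wait status would be the signal worth chasing in a debugger; SIGPIPE with a preceding EPIPE points at the peer closing the connection.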
This archive was generated by hypermail 2b30 : Fri Apr 20 2001 - 08:55:56 PDT