I took a few minutes to look at some of the other Xandros holes I found
and decided this one if fully worthless so here ya go.... the fix is
using snprintf instead of sprintf. If you can't see it you are blind.
There are 2 other useless sgid games holes as well... I will send out
the details when I research them.
sgid games on Xandros based linux *wee this is worthless flames > /dev/null*
This is the closest refrence to a vendor for this software I could find...Its PURELY novelty however I have seen people make this into a cgi program...
hopefully they used perl!
*
pt.c version 3.9 December 19, 1989
Eric Lechner (lechnerat_private)
a general purpose N-question (purity) test.
data file format given in pt.h
tailor definitions to your needs in pt.h
*/
in the main program file pt.c
main(argc,argv)
{
...
char path[256],
err = 0;
ch = FALSE;
while (ch == FALSE) {
if (++err >= argc) {
(void) sprintf(path,"%s/%s",LIBDIR,"intro");
ch = TRUE;
} else {
switch (*argv[err]) {
case '-' :
break;
default :
(void) sprintf(path,"%s/%s",
LIBDIR, argv[err]);
ch = TRUE;
break;
}
}
elguapo25:~# /usr/games/purity `perl -e 'print "A" x 9000'`
Segmentation fault
This is hardly worth taking the time to open gdb =]
-KF
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 18:30:45 PDT