I took a few minutes to look at some of the other Xandros holes I found and decided this one is fully worthless so here ya go.... the fix is using snprintf instead of sprintf. If you can't see it you are blind. There are 2 other useless sgid games holes as well... I will send out the details when I research them.

sgid games on Xandros based linux

*wee this is worthless flames > /dev/null*

This is the closest reference to a vendor for this software I could find... It's PURELY novelty however I have seen people make this into a cgi program... hopefully they used perl!

    /*
     * pt.c
     * version 3.9
     * December 19, 1989
     * Eric Lechner (lechnerat_private)
     *
     * a general purpose N-question (purity) test.
     * data file format given in pt.h
     * tailor definitions to your needs in pt.h
     */

in the main program file pt.c

    main(argc,argv)
    {
    ...
        char path[256], err = 0;

        ch = FALSE;
        while (ch == FALSE) {
            if (++err >= argc) {
                (void) sprintf(path,"%s/%s",LIBDIR,"intro");
                ch = TRUE;
            }
            else {
                switch (*argv[err]) {
                    case '-' :
                        break;
                    default :
                        (void) sprintf(path,"%s/%s", LIBDIR, argv[err]);
                        ch = TRUE;
                        break;
                }
            }

    elguapo25:~# /usr/games/purity `perl -e 'print "A" x 9000'`
    Segmentation fault

This is hardly worth taking the time to open gdb =]

-KF
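The snprintf fix the post mentions, written out as an added example; it is not code from the original post or from pt.c. The helper name build_path and the LIBDIR value are assumptions made for illustration, and the return value of snprintf is checked so that an over-long name is rejected instead of silently truncated.

```c
#include <stdio.h>
#include <string.h>

/* Assumed value for illustration; the real LIBDIR is defined in pt.h. */
#define LIBDIR "/usr/games/lib/purity"
#define PATH_BUF 256   /* same size as path[] in pt.c */

/*
 * Hypothetical helper (not in pt.c): pick the test name the same way the
 * loop in main() does (first argument not starting with '-', else "intro")
 * and build LIBDIR/name with a bounded write.
 * Returns 0 on success, -1 if the result would not fit in path.
 */
int build_path(char *path, size_t size, int argc, char **argv)
{
    const char *name = "intro";
    int i, n;

    for (i = 1; i < argc; i++) {
        if (argv[i][0] != '-') {
            name = argv[i];
            break;
        }
    }

    n = snprintf(path, size, "%s/%s", LIBDIR, name);
    /* snprintf returns the length it wanted to write; n >= size means the
     * output was truncated, so refuse it rather than open a cut-off path. */
    if (n < 0 || (size_t)n >= size) {
        if (size > 0)
            path[0] = '\0';
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char path[PATH_BUF];

    if (build_path(path, sizeof(path), argc, argv) != 0) {
        fprintf(stderr, "purity: test name too long\n");
        return 1;
    }
    printf("would open %s\n", path);
    return 0;
}
```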
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 18:30:45 PDT