On Fri, May 31, 2002 at 09:36:55PM +0200, Admin wrote:
> Hello all,
> in these days I got a strange core dump using the ftp client.
> This core dump can only did by using the PUTTY ssh client...
>
> (Tested with putty 0.52)
>
> >root@Wayreth[~]: ftp ftp.unina.it
> >Connected to ftp.unina.it.
> >220
> >Name (ftp.unina.it:root): ^\Quit (core dumped)
> >root@Wayreth[~]:
>
> for do that, just push CTRL+ù when the user is requested...
>
> Tested system:
> -OpenBSD 3.1
> -OpenBSD 3.0
> -OpenBSD 2.9
> -FreeBSD 4.4-RC5
> -FreeBSD 4.5-STABLE
> -FreeBSD kalieye 4.6-RC FreeBSD 4.6-RC
> -SunOS XXXXX 5.6 Generic_105181-30 sun4u sparc SUNW,Ultra-Enterprise
> -SunOS XXXXX 5.6 Generic_105182-30 i86pc i386 i86pc
>
> Not vulnerable:
> -Linux
>
> This bug haven't any security issue, it's only a client and not with the
> +s flag. In these day I haven't the time to check the source code for
> see what's is wrong, I will did it in some days...
This has nothing directly to do with ftp(1). This is inside of
fgets(3) and libc. This little program can reproduce it,
#include <stdio.h>
#define BSIZE 100
int main()
{
char buf[BSIZE];
printf("Input: ");
if (fgets(buf, BSIZE, stdin) != NULL)
printf("Success: %s", buf);
else {
printf("Failed\n");
return 1;
}
return 0;
}
Just hit ctrl-\ at the 'Input:' prompt.
--
Crist J. Clark | cjclarkat_private
| cjclarkat_private
http://people.freebsd.org/~cjc/ | cjcat_private
This archive was generated by hypermail 2b30 : Sat Jun 01 2002 - 16:07:51 PDT