On Thu, Jun 20, 2002 at 08:12:54PM +0400, 3APA3A wrote: > > Do not say bsd. At least FreeBSD doesn't use supplied parameters in main > loop. It copies supplied parameters to register variables > > register char *dst = dst0; > register const char *src = src0; > register size_t t; > > before starting this loop and never back to original values. It makes it > impossible to exploit this vulnerability in a way you described. Sorry, but the code was directly taken from FreeBSD cvs. You can look as long you want into the generic bcopy.c file. For x86 you must look at the assembler implementation. And this is what runs on x86. Beside that I tested this on FreeBSD and it worked like a charm. Stefan Esser - e-matters Security >
This archive was generated by hypermail 2b30 : Thu Jun 20 2002 - 09:51:54 PDT