strcpy bug

From: xenophi1e (oliver.laveryat_private)
Date: Sat May 31 2003 - 17:23:24 PDT

    Noticed this while looking for something else. EIP is smacked with a 268 
    byte filename argument. Anyone know an interesting bit of software that 
    calls LZOpenFileA or W?
    
    .text:77EB63B6 ; =============== S U B R O U T I N E =======================================
    .text:77EB63B6 
    .text:77EB63B6 ; Attributes: bp-based frame
    .text:77EB63B6 
    .text:77EB63B6 ; INT __stdcall LZOpenFileA(LPSTR,LPOFSTRUCT,WORD)
    .text:77EB63B6                 public LZOpenFileA
    .text:77EB63B6 LZOpenFileA     proc near               ; CODE XREF: LZOpenFileW+5Cp
    .text:77EB63B6 
    .text:77EB63B6 FileName        = byte ptr -104h
    .text:77EB63B6 lpString2       = dword ptr  8
    .text:77EB63B6 lpReOpenBuff    = dword ptr  0Ch
    .text:77EB63B6 arg_8           = word ptr  10h
    .text:77EB63B6 
    .text:77EB63B6                 push    ebp
    .text:77EB63B7                 mov     ebp, esp
    .text:77EB63B9                 sub     esp, 104h
    .text:77EB63BF                 push    ebx
    .text:77EB63C0                 push    esi
    .text:77EB63C1                 push    edi
    .text:77EB63C2                 push    [ebp+lpString2] ; lpString2
    .text:77EB63C5                 lea     eax, [ebp+FileName]
    .text:77EB63CB                 push    eax             ; lpString1
    .text:77EB63CC                 call    lstrcpyA
    
    Cheers,
    ~x
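
The frame arithmetic behind the 268-byte figure in the post above, with a length-checked copy beside it, as an added example that is not part of the original message or of the library's code. The names `bytes_to_cover_return`, `classify` and `copy_filename` are hypothetical; the sketch assumes the 32-bit frame in the listing (104h-byte `FileName` directly below saved EBP and the return address).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FRAME_BUF 0x104u /* sub esp, 104h: FileName local, 260 bytes */
#define SAVED_EBP 4u     /* push ebp in the prologue */
#define RET_ADDR  4u     /* return address pushed by the caller's call */

/* Bytes a copy starting at FileName must write to span the return address. */
size_t bytes_to_cover_return(void) { return FRAME_BUF + SAVED_EBP + RET_ADDR; }

enum reach { FITS, HITS_SAVED_EBP, HITS_RETURN };

/* How far an unbounded copy of a len-character string reaches.
 * The copy writes len characters plus the terminating NUL. */
enum reach classify(size_t len) {
    size_t written = len + 1;
    if (written <= FRAME_BUF) return FITS;
    if (written <= FRAME_BUF + SAVED_EBP) return HITS_SAVED_EBP;
    return HITS_RETURN;
}

/* Bounded copy (hypothetical helper): reject over-long names, never truncate. */
int copy_filename(char dst[FRAME_BUF], const char *src) {
    if (src == NULL) return -1;
    /* Look for the terminator within the destination size only. */
    const char *end = memchr(src, '\0', FRAME_BUF);
    if (end == NULL) return -1; /* no room for name plus NUL */
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}

int main(void) {
    char name[300], dst[FRAME_BUF];
    /* Constructed sample input: a 268-character filename. */
    memset(name, 'A', 268);
    name[268] = '\0';
    printf("bytes to cover return address: %zu\n", bytes_to_cover_return());
    printf("268-char name: reach=%d, bounded copy=%d\n",
           (int)classify(268), copy_filename(dst, name));
    name[259] = '\0'; /* longest name that fits with its NUL */
    printf("259-char name: reach=%d, bounded copy=%d\n",
           (int)classify(259), copy_filename(dst, name));
    return 0;
}
```
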
    



    This archive was generated by hypermail 2b30 : Sun Jun 01 2003 - 12:27:11 PDT