[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

To: bugtraq@securityfocus.com
Subject: Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability
From: Vade 79 <v9@fakehalo.deadpig.org>
Date: 14 Aug 2003 19:05:19 -0000

In-Reply-To: <20030810011227.5888.qmail@www.securityfocus.com>

>  ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number 
>*/.............lol
>  *strp = malloc(buflen);
>
>  if (*strp)
>  {
>    va_list ap;
>    va_start(ap, fmt);
>    vsnprintf(*strp, buflen, fmt, 
ap);..................................lol

>getenv("HOME") >50*strlen(%s/.dsh/dsh.conf)  ......buf overflow......

how do you figure? it uses the same buflen value to limit the amount 
written to the buffer in the vsnprintf call as it was allocated(cept 
didn't add space for the null byte)? am i missing something?

Prev by Date: Re: Buffer overflow prevention
Next by Date: Re: Buffer overflow prevention
Prev by thread: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability
Next by thread: ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure
Index(es):
- Date
- Thread