BugTraq
Back to list
|
Post reply
Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability
Aug 14 2003 07:05PM
Vade 79 (v9 fakehalo deadpig org)
In-Reply-To: <20030810011227.5888.qmail (at) www.securityfocus (dot) com [email concealed]>
> ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number
>*/.............lol
> *strp = malloc(buflen);
>
> if (*strp)
> {
> va_list ap;
> va_start(ap, fmt);
> vsnprintf(*strp, buflen, fmt,
ap);..................................lol
>getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow......
how do you figure? it uses the same buflen value to limit the amount
written to the buffer in the vsnprintf call as it was allocated(cept
didn't add space for the null byte)? am i missing something?
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number
>*/.............lol
> *strp = malloc(buflen);
>
> if (*strp)
> {
> va_list ap;
> va_start(ap, fmt);
> vsnprintf(*strp, buflen, fmt,
ap);..................................lol
>getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow......
how do you figure? it uses the same buflen value to limit the amount
written to the buffer in the vsnprintf call as it was allocated(cept
didn't add space for the null byte)? am i missing something?
[ reply ]