BugTraq
GNU Sharutils buffer overflow vulnerability. Apr 06 2004 07:04PM
Shaun Colley (shaunige yahoo co uk) (2 replies)
Re: GNU Sharutils buffer overflow vulnerability. Apr 10 2004 08:14PM
Dan Yefimov (dan D00M integrate com ru)
Re: GNU Sharutils buffer overflow vulnerability. Apr 07 2004 08:03AM
Didier Arenzana (darenzana yahoo fr) (1 replies)
--- Shaun Colley <shaunige (at) yahoo.co (dot) uk [email concealed]> wrote:
> Product: GNU Sharutils -

Hello,
I've just read your advisory, and I'd like to advise your patch is
incomplete:

> [...]
> case 'o':
> - strcpy (output_base_name, optarg);
> + strncpy (output_base_name, optarg,
> sizeof(output_base_name));
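
Review bot: the added strncpy line passes sizeof(output_base_name) as the bound, so a -o argument of that length or longer fills the whole buffer and leaves no terminating NUL, and later string operations on output_base_name would read past its end. Copy at most sizeof(output_base_name) - 1 bytes and set output_base_name[sizeof(output_base_name) - 1] = '\0' afterwards, or reject an over-long argument with an error instead of truncating it silently. The bound also relies on output_base_name being an array at this point; the hunk does not show its declaration, and if it is a pointer, sizeof yields the pointer size rather than the buffer size.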

You must add

output_base_name[sizeof(output_base_name) - 1] = '\0';  /* last valid index is size - 1 */

here, otherwise your string will not be null-terminated when optarg is too
long.

Regards,
Didier.
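
The termination issue raised in this message, as an added example that is not code from the thread or from Sharutils: it compares the copy as quoted in the patch with a terminated copy and with a copy that rejects over-long input. NAME_SIZE, the helper names and the sample strings are assumptions; the thread does not show how output_base_name is declared.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8  /* constructed size; the real buffer size is not shown in the thread */

/* The copy as quoted in the patch: the bound is the full buffer size. */
static void copy_as_patched(char dst[NAME_SIZE], const char *arg)
{
    strncpy(dst, arg, NAME_SIZE);      /* writes no NUL when strlen(arg) >= NAME_SIZE */
}

/* Bounded copy that always terminates, truncating over-long input. */
static void copy_terminated(char dst[NAME_SIZE], const char *arg)
{
    strncpy(dst, arg, NAME_SIZE - 1);
    dst[NAME_SIZE - 1] = '\0';         /* last valid index, not NAME_SIZE */
}

/* Stricter variant: refuse over-long input. Returns 0 on success, -1 if too long. */
static int copy_or_reject(char dst[NAME_SIZE], const char *arg)
{
    size_t len = strlen(arg);
    if (len >= NAME_SIZE)
        return -1;
    memcpy(dst, arg, len + 1);         /* len + 1 also copies the terminator */
    return 0;
}

/* Returns 1 if a NUL lies inside the buffer; memchr never reads past its end. */
static int is_terminated(const char dst[NAME_SIZE])
{
    return memchr(dst, '\0', NAME_SIZE) != NULL;
}

int main(void)
{
    char buf[NAME_SIZE];
    const char *too_long = "0123456789";   /* constructed over-long argument */

    memset(buf, 'X', sizeof buf);
    copy_as_patched(buf, too_long);
    printf("as patched: terminated=%d\n", is_terminated(buf));
    copy_terminated(buf, too_long);
    printf("terminated copy: \"%s\"\n", buf);
    printf("reject: %d\n", copy_or_reject(buf, too_long));
    return 0;
}
```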

Re: GNU Sharutils buffer overflow vulnerability. Apr 07 2004 08:57PM
Carlos Eduardo Pinheiro (cbc99 bol com br)


 

Copyright 2010, SecurityFocus