|
|
BugTraq
GNU Sharutils buffer overflow vulnerability. Apr 06 2004 07:04PM Shaun Colley (shaunige yahoo co uk) (2 replies) Re: GNU Sharutils buffer overflow vulnerability. Apr 10 2004 08:14PM Dan Yefimov (dan D00M integrate com ru) Re: GNU Sharutils buffer overflow vulnerability. Apr 07 2004 08:03AM Didier Arenzana (darenzana yahoo fr) (1 replies) |
|
Privacy Statement |
output_base_name[sizeof(output_base_name)-1] = '\0'; will be sane...
----- Original Message -----
From: "Didier Arenzana" <darenzana (at) yahoo (dot) fr [email concealed]>
To: "Shaun Colley" <shaunige (at) yahoo.co (dot) uk [email concealed]>; <bugtraq (at) securityfocus (dot) com [email concealed]>
Sent: Wednesday, April 07, 2004 5:03 AM
Subject: Re: GNU Sharutils buffer overflow vulnerability.
> --- Shaun Colley <shaunige (at) yahoo.co (dot) uk [email concealed]> a écrit :
> > Product: GNU Sharutils -
>
> Hello,
> I've juste read your advisory, and I'd like to advise your patch is
> incomplete:
>
> > [...]
> > case 'o':
> > - strcpy (output_base_name, optarg);
> > + strncpy (output_base_name, optarg,
> > sizeof(output_base_name));
>
> You must add
>
> output_base_name[sizeof(output_base_name)]='\0' ;
>
> here, otherwize your string will not be null-termminated when optarg is
too
> long.
>
> Regards,
> Didier.
>
>
>
>
>
>
>
> Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout !
> Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/
>
> Dialoguez en direct avec vos amis grâce à Yahoo! Messenger !Téléchargez
Yahoo! Messenger sur http://fr.messenger.yahoo.com
>
[ reply ]