|
|
BugTraq
GNU Sharutils buffer overflow vulnerability. Apr 06 2004 07:04PM Shaun Colley (shaunige yahoo co uk) (2 replies) Re: GNU Sharutils buffer overflow vulnerability. Apr 07 2004 08:03AM Didier Arenzana (darenzana yahoo fr) (1 replies) Re: GNU Sharutils buffer overflow vulnerability. Apr 07 2004 08:57PM Carlos Eduardo Pinheiro (cbc99 bol com br) |
|
Privacy Statement |
> I have written a simple patch below to fix the buffer
> overflow bug:
>
>
> --- shar-bof.patch ---
>
> --- shar.1.c 2004-04-06 16:26:55.000000000 +0100
> +++ shar.c 2004-04-06 16:32:32.000000000 +0100
> @@ -1905,7 +1905,7 @@
> break;
>
> case 'o':
> - strcpy (output_base_name, optarg);
> + strncpy (output_base_name, optarg,
> sizeof(output_base_name));
> if (!strchr (output_base_name, '%'))
> strcat (output_base_name, ".%02d");
> part_number = 0;
> --- EOF ---
>
Your patch isn't quite correct since you at least forgot about
strcat(output_base_name, ".%02d") following patched code. You didn't also
notice subsequent using output_base_name as a format string which may produce
overflow of output_filename[] because of unnoticed percent symbols passed in.
Attached a patch accounting for that.
--
Sincerely Your, Dan.
[ reply ]