lha buffer overflow(s) again May 15 2004 11:09AM
lw wszia edu pl

i posted it yesterday to bugs (at) redhat (dot) com [email concealed] but mailbox is disabled for that recipient :-/

Date: Sat, 15 May 2004 00:24:09 +0200 (CEST)

From: Lukasz Wojtow <gnz (at) student.wszia.edu (dot) pl [email concealed]>

To: bugs (at) redhat (dot) com [email concealed]

Subject: LHA buffer overflow (not the last one already fixed)

it seems that lha is quite poorly written. after your last advisory, i

decided to take a look at the code and found 2 BO in function extract_one

(file lhext.c):

if (extract_directory)

sprintf(name, "%s/%s", extract_directory, q);


strcpy(name, q);

i bet there is more...


Lukasz Wojtow

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus