Bugtraq mailing list archives

proftpd 1.2.0rc2 -- example of bad coding
From: Przemyslaw Frasunek <venglin () FREEBSD LUBLIN PL>
Date: Wed, 10 Jan 2001 19:11:09 +0100

More examples of bad coding in ftp daemons, proftpd-1.2.0rc2 in this case.


main.c:659:

void main_exit(void *pv, void *lv, void *ev, void *dummy)
{
  int pri = (int) pv;
  char *log = (char *) lv;
  int exitcode = (int) ev;

  log_pri(pri, log); /* here */

main_exit() is called by shutdown_exit() at main.c:708, with a formatted
shutdown message, which *can* contain user-supplied data (cwd). Almost
impossible to exploit.


main.c:803

          if(MODRET_ERRNUM(mr) && MODRET_ERRMSG(mr))
/* here */  add_response_err(MODRET_ERRNUM(mr),MODRET_ERRMSG(mr));
          else if(MODRET_ERRMSG(mr))
/* here */  send_response_raw(MODRET_ERRMSG(mr));

The MODRET_ERRMSG argument is prepared by ERROR_MSG called from a module.
Default and contributed modules don't return any user-supplied values
in error messages.

--
* Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
* Inet: przemyslaw () frasunek com ** PGP: D48684904685DF43EA93AFA13BE170BF *
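
Added example, not part of the original post and not ProFTPD code: the pattern flagged above (an already formatted message passed as the format argument) next to the corrected call with a constant "%s" format. The helper names (log_to_buf, log_unsafe, log_safe, logged_verbatim) and the sample message are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a shutdown message built from a cwd whose last
 * component is literally named "100%%full". */
#define SAMPLE_MSG "shutdown, cwd=/home/ftp/100%%full"

/* Hypothetical stand-in for a printf-style logger like log_pri(pri, fmt, ...).
 * It formats into a buffer so the result can be compared with the input. */
int log_to_buf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Pattern flagged in the post: the prepared message is used as the format. */
int log_unsafe(char *out, size_t n, const char *msg)
{
    return log_to_buf(out, n, msg);
}

/* Corrected call: constant format string, message passed as an argument. */
int log_safe(char *out, size_t n, const char *msg)
{
    return log_to_buf(out, n, "%s", msg);
}

/* Returns 1 if the logger wrote msg byte for byte, 0 if it was reinterpreted. */
int logged_verbatim(int (*logger)(char *, size_t, const char *), const char *msg)
{
    char out[256];
    logger(out, sizeof out, msg);
    return strcmp(out, msg) == 0;
}

int main(void)
{
    /* "%%" takes no argument, so this demo stays well defined; any other
     * directive in msg would make log_unsafe read arguments never passed. */
    printf("unsafe verbatim: %d\n", logged_verbatim(log_unsafe, SAMPLE_MSG));
    printf("safe verbatim:   %d\n", logged_verbatim(log_safe, SAMPLE_MSG));
    return 0;
}
```

Compiling callers with -Wformat -Wformat-security flags this pattern when the logging function is declared with the printf format attribute.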

