<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability

From: Vade 79 <v9_at_fakehalo.deadpig.org>
Date: 14 Aug 2003 19:05:19 -0000

('binary' encoding is not supported, stored as-is) In-Reply-To: <20030810011227.5888.qmail_at_www.securityfocus.com>

> ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number
>*/.............lol
> *strp = malloc(buflen);
>
> if (*strp)
> {
> va_list ap;
> va_start(ap, fmt);
> vsnprintf(*strp, buflen, fmt,
ap);..................................lol

>getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow......

how do you figure? it uses the same buflen value to limit the amount
written to the buffer in the vsnprintf call as it was allocated(cept
didn't add space for the null byte)? am i missing something?
Received on Aug 14 2003

This message: [ Message body ]
Next message: noir: "Re: Buffer overflow prevention"
Previous message: sauron: "Re: Buffer overflow prevention"
Maybe in reply to: yan feng: "PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]