Hello,
While testing various binarys on Redhat 8.0 i came
across a buffer overflow in the /usr/sbin/client
program that ships with squid. Redhat 8.0 ships with
squid-2.4.STABLE7-4.src.rpm i also looked at client.c
source for latest version which has same problem. The
problem is when suppling 8229 or more characters when
running /usr/sbin/client eg.
[fault_at_b0f fault]$ /usr/sbin/client `perl -e 'print
"A"x8229'`
Segmentation fault (core dumped)
[fault_at_b0f fault]$
after a quick look at code it seems to be overflowing
at the strcpy call.
<snips from code>
#define BUFSIZ 8192
char url[BUFSIZ], msg[BUFSIZ], buf[BUFSIZ];
else if (argc >= 2) {
strcpy(url, argv[argc - 1]);
if (url[0] == '-')
usage(argv[0]);
</snips from code>
FIX
-=-=-
- strcpy(url, argv[argc - 1]);
+ strncpy(url, argv[argc - 1], sizeof(BUFSIZ));
NOT A SECURITY ISSUE , JUST ANOTHER DUMB SEGFAULT
EOF
Alan M
(faulty)
www.b0f.net
---------------------------------
With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Jan 08 2003
Intro
