Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Unrarlib 0.4.0 (urarlib_get) Local buffer overflow
From: starcadi <starcadi () autistici org>
Date: Tue, 13 Mar 2007 17:47:24 +0100

Description:

in file unrarlib.c don't exist the check control of size len filename
passed in function urarlib_get() using strcpy()

Source error:

--
char ArcName[255];                        /* RAR archive
..
int urarlib_get(void *output,
                unsigned long *size,
                char *filename,
                void *rarfile,
                char *libpassword)
/* Get a file from a RAR file to the "output" buffer. The UniquE RAR
FileLib
 * does everything from allocating memory, decrypting and unpacking the
file
 * from the archive. TRUE is returned if the file could be successfully
 * extracted, else a FALSE indicates a failure.
 */
{
  BOOL  retcode = FALSE;

#ifdef _DEBUG_LOG
  int  str_offs;                            /* used for debug-strings
*/
  char DebugMsg[500];                       /* used to compose debug msg
*/

  if(debug_log_first_start)
  {
    debug_log_first_start=FALSE;            /* only create a new log
file   */
    debug_init(_DEBUG_LOG_FILE);            /* on startup
*/
  }

#endif

  InitCRC();                                /* init some vars
*/

  strcpy(ArgName, filename);                /* set file(s) to extract
*/
#ifdef _USE_MEMORY_TO_MEMORY_DECOMPRESSION
  MemRARFile = rarfile;                     /* set pointer to mem-RAR
file  */
#else
  strcpy(ArcName, rarfile);                 /* set RAR file name
*/
#endif
--


-- starcadi



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Unrarlib 0.4.0 (urarlib_get) Local buffer overflow starcadi (Mar 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault