Dailydave mailing list archives

Re: Dreaming of Summer


From: David Maynor <dave () 0dayspray com>
Date: Sat, 06 Dec 2003 22:56:24 -0500

Far be it from me to point out bugs in other people's code:
  i = 0;
  while (i < sizeof(respbuf))
  {
    if ((n = SSL_read(ssl, &respbuf[i], sizeof(respbuf) - i)) < 0) { perror("read()"); exit(1); }
    i -= n;
  }

Now I am no exploit genius like Dave or Gobbles but i -= n; seems a bit....iffy to me. Shouldn't it be
 i += n;? Now of course you can't write outside the buffer cause i is unsigned and wrapping i under 0
will still eval to false, but this type of coding methodology could cause disasters if it was applied
to things like...rpc services for instance. I would like to thank Mark Dowd for pointing this out.
I would also like to thank Gobbles, without them subtracting from zero, this would not be as funny.

On Sat, 2003-12-06 at 22:09, Dave Aitel wrote:
Did you see this?  http://www.bugtraq.org/advisories/_BSSADV-0000.txt

That's right, "Writing a GUI for Snort: $0; Using OpenSSL and Postgres 
for secure database connectivity: $0; Letting anonymous remote users 
edit your rulesets: Priceless."

Why bother inserting a bug, when the bugs are inserted for you?  :>


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave
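
The read loop discussed in the message above, as an added example that is not code from the post or from the advisory it quotes: the quoted offset arithmetic beside a corrected loop. The names `chunk_src`, `src_read`, `fill_quoted` and `fill_fixed` are hypothetical, `src_read` is a constructed stand-in for `SSL_read()` so the block runs without OpenSSL, and the offset is assumed to be a `size_t`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for SSL_read(): returns the data in short chunks,
 * then 0 once the stream is exhausted. */
struct chunk_src { const char *data; size_t len, pos, max_chunk; };

static int src_read(struct chunk_src *s, void *buf, size_t want)
{
    size_t left = s->len - s->pos;
    size_t n = want < left ? want : left;
    if (n > s->max_chunk) n = s->max_chunk;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (int)n;
}

/* Offset handling as quoted (i -= n). After the first non-empty read the
 * unsigned offset wraps to a huge value, the loop ends, and the rest of
 * the response is never read. Returns the number of read calls made. */
size_t fill_quoted(struct chunk_src *s, char *buf, size_t cap)
{
    size_t i = 0, calls = 0;
    int n;
    while (i < cap) {
        if ((n = src_read(s, &buf[i], cap - i)) < 0) return calls;
        calls++;
        i -= (size_t)n;
    }
    return calls;
}

/* Corrected: advance the offset, and stop on 0 (end of stream) so a short
 * response cannot spin the loop. Returns bytes stored, or -1 on error. */
long fill_fixed(struct chunk_src *s, char *buf, size_t cap)
{
    size_t i = 0;
    while (i < cap) {
        int n = src_read(s, &buf[i], cap - i);
        if (n < 0) return -1;
        if (n == 0) break;
        i += (size_t)n;
    }
    return (long)i;
}

int main(void)
{
    static const char msg[] = "HTTP/1.0 200 OK\r\n"; /* constructed sample */
    struct chunk_src a = { msg, sizeof msg - 1, 0, 4 }, b = a;
    char buf[64];
    size_t calls = fill_quoted(&a, buf, sizeof buf);
    printf("quoted: %zu call(s), %zu bytes; fixed: %ld bytes\n",
           calls, a.pos, fill_fixed(&b, buf, sizeof buf));
    return 0;
}
```
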

