Full Disclosure mailing list archives
bufferoverflow in client shipped with squid-2.5.STABLE1.tar.gz (latest) and below
From: mr elite <woot_woot_root () yahoo co uk>
Date: Wed, 8 Jan 2003 08:46:46 +0000 (GMT)
Hello,
While testing various binarys on Redhat 8.0 i came
across a buffer overflow in the /usr/sbin/client
program that ships with squid. Redhat 8.0 ships with
squid-2.4.STABLE7-4.src.rpm i also looked at client.c
source for latest version which has same problem. The
problem is when suppling 8229 or more characters when
running /usr/sbin/client eg.
[fault@b0f fault]$ /usr/sbin/client `perl -e 'print
"A"x8229'`
Segmentation fault (core dumped)
[fault@b0f fault]$
after a quick look at code it seems to be overflowing
at the strcpy call.
<snips from code>
#define BUFSIZ 8192
char url[BUFSIZ], msg[BUFSIZ], buf[BUFSIZ];
else if (argc >= 2) {
strcpy(url, argv[argc - 1]);
if (url[0] == '-')
usage(argv[0]);
</snips from code>
FIX
-=-=-
- strcpy(url, argv[argc - 1]);
+ strncpy(url, argv[argc - 1], sizeof(BUFSIZ));
NOT A SECURITY ISSUE , JUST ANOTHER DUMB SEGFAULT
EOF
Alan M
(faulty)
www.b0f.net
---------------------------------
With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
Current thread:
- bufferoverflow in client shipped with squid-2.5.STABLE1.tar.gz (latest) and below mr elite (Jan 08)
