Bugtraq mailing list archives
Re: A couple of patches (RFC931 and scp location)
From: henson () INTRANET CSUPOMONA EDU (Paul B. Henson)
Date: Mon, 9 Jun 1997 17:01:48 -0700
From: Matt Simmons <simmonmt () cs purdue edu>
[...]
a post to the ssh list. One of the subscribers to that list, Benjamin Stassart, looked through it and found a possible buffer overrun. His
I don't see an overflow here.
    while ((w = read(s, &ch, 1)) == 1) {
        *buf = ch;
        if ((ch != ' ') && (ch != '\t') && (ch != '\r'))
            ++buf;
        if ((buf - realbuf == sizeof(realbuf) - 1) || (ch == '\n'))
            break;
    }
This code is prefaced somewhere by:

    char realbuf[SIZ];
    buf = realbuf;

Translating into more readable(?) pseudo code:

    Set buf to point to the first character of realbuf
    While a call to read successfully returns a character
        Add the character to realbuf at the location pointed to by buf
        If the character is not a space, tab, or return
            Increment buf to point at the next char in realbuf
        If buf is pointing at the last char in realbuf or the character read was a newline
            Exit the while loop

This loop will exit on either a newline, or when buf is pointing at the last character of realbuf. Where's the possible overflow? If you feed this loop a bunch of spaces, tabs, or returns, all you'll succeed in doing is overwriting the same spot in realbuf.

--
Paul Henson | System Administrator | Cal Poly Pomona | (909) 869-3781
pbhenson () csupomona edu | finger -l henson () www csupomona edu for PGP key
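Added example, not part of the original post or of the ssh source: a small C harness that replays the loop quoted above over an in-memory input and checks guard bytes placed directly after realbuf. The names run_loop, run_result, GUARD and CANARY, the value SIZ = 16, and the replacement of read(s, &ch, 1) by an array fetch are assumptions made for the test.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SIZ 16      /* constructed size; the post only says realbuf[SIZ] */
#define GUARD 8     /* guard bytes placed after realbuf to detect overruns */
#define CANARY 0x5A

struct run_result {
    size_t max_index;   /* highest offset in realbuf that was written */
    size_t final_off;   /* buf - realbuf when the loop exits */
    int guard_intact;   /* 1 if no byte past realbuf was modified */
};

/* Hypothetical harness: the loop from the post, with read(s, &ch, 1)
 * replaced by the next byte of `in` so it runs without a socket. */
struct run_result run_loop(const char *in, size_t len)
{
    struct { char realbuf[SIZ]; unsigned char guard[GUARD]; } m;
    struct run_result r = {0, 0, 1};
    char *buf = m.realbuf;
    char ch;
    size_t i;

    memset(&m, CANARY, sizeof m);
    for (i = 0; i < len; i++) {                     /* while read() returns 1 */
        ch = in[i];
        r.max_index = (size_t)(buf - m.realbuf);    /* buf never moves back */
        *buf = ch;
        if ((ch != ' ') && (ch != '\t') && (ch != '\r'))
            ++buf;
        if (((size_t)(buf - m.realbuf) == sizeof(m.realbuf) - 1) || (ch == '\n'))
            break;
    }
    r.final_off = (size_t)(buf - m.realbuf);
    for (i = 0; i < GUARD; i++)
        if (m.guard[i] != CANARY)
            r.guard_intact = 0;
    return r;
}

int main(void)
{
    char flood[100];
    memset(flood, ' ', sizeof flood);               /* constructed input: all spaces */
    struct run_result r = run_loop(flood, sizeof flood);
    printf("max=%zu final=%zu guard=%d\n", r.max_index, r.final_off, r.guard_intact);
    return 0;
}
```

With SIZ set to 16, a flood of non-whitespace bytes writes no higher than offset 14 and a flood of spaces writes only offset 0; the guard bytes are unchanged in both runs.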