Bugtraq mailing list archives
Re: TOG and xterm problem
From: peak () kerberos troja mff cuni cz (Pavel Kankovsky)
Date: Mon, 4 May 1998 11:06:05 +0200
On Fri, 1 May 1998, Jeff Gehlbach wrote:
> Open Group, when *will* the rest of us see at least some clues about where the bug lies and how it can be fixed? You say you won't release patches to X11R<6.4, but can you at least be nice enough to tell those of us using the still-perfectly-serviceable 6.3 just a tidbit about the problem?

Believe it or not, it took me 10 minutes to grep the appropriate parts of X11R6.3 sources, following the clues mentioned in the CERT advisory, and find the bugs--at least some of them.

xc/programs/xterm/charproc.c:
* HandleKeymapChange():
    (void) sprintf( mapName, "%sKeymap", params[0] );
    (void) strcpy( mapClass, mapName );
  (actually, the second command is mostly harmless because the size of mapName and mapClass is the same)

xc/programs/xterm/charproc.c:
* VTInitI18N():
    strcpy(tmp, term->misc.input_method);
    ...
    strcpy(buf, "@im=");
    strcat(buf, s);
    ...
    strcpy(tmp, term->misc.preedit_type);

xc/lib/Xaw/XawIm.c:
* OpenIM():
    strcpy(modifiers, "@im=");
    strcat(modifiers, ve->im.im_list[i]);
* ParseIMNameList():
    char *s, *save_s, *ss, *list[32], **lp, *end;
    ...
    list[i] = s;
  (This one is quite interesting. Exercise for the reader: write an exploit.)

<ironic>
Security hint of the day:
    find . -name '*.[ch]' | \
    xargs egrep -l 'sprintf|strcat|strcpy' | \
    xargs rm
</ironic>

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]

P.S. A copy of this message is being submitted to XFree86.
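
Added example, not part of the original message or of the X11 sources: the sprintf() name-building pattern and the fixed list[32] array quoted above, rewritten with explicit bounds. The function names and MAP_NAME_LEN are assumptions, since the message does not give the real buffer sizes.

```c
#include <stdio.h>
#include <string.h>

#define MAP_NAME_LEN 64  /* assumed size; the message does not state mapName's */
#define IM_LIST_MAX  32  /* matches "*list[32]" quoted from ParseIMNameList() */

/* Build "<param>Keymap" in out. Returns 0 on success, -1 if it does not fit. */
int build_keymap_name(char *out, size_t outlen, const char *param)
{
    int n = snprintf(out, outlen, "%sKeymap", param);
    if (n < 0 || (size_t)n >= outlen) {
        if (outlen > 0)
            out[0] = '\0';   /* never leave a silently truncated name behind */
        return -1;
    }
    return 0;
}

/* Split a comma-separated name list in place, storing at most max pointers.
 * Returns the number of entries, or -1 if the input holds more than max. */
int split_im_list(char *names, char *list[], size_t max)
{
    size_t i = 0;
    char *s = names;

    while (s != NULL && *s != '\0') {
        char *end = strchr(s, ',');
        if (i >= max)
            return -1;       /* bound the index before the store into list[] */
        list[i++] = s;
        if (end != NULL)
            *end++ = '\0';
        s = end;
    }
    return (int)i;
}

int main(void)
{
    char name[MAP_NAME_LEN], ims[] = "kinput2,xcin"; /* constructed sample input */
    char *list[IM_LIST_MAX];

    if (build_keymap_name(name, sizeof name, "vt100") == 0)
        printf("%s, %d input methods\n", name,
               split_im_list(ims, list, IM_LIST_MAX));
    return 0;
}
```

Both helpers reject oversized input instead of truncating it, so the caller has to handle the error rather than continue with a partial name or list.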