Bugtraq mailing list archives
Re: Imagemap CGI overflow exploit
From: john () LOVERSO SOUTHBOROUGH MA US (John LoVerso)
Date: Fri, 22 Oct 1999 13:12:05 -0400
void main(int argc, char **argv) { char OutString[100]; // extract x & y from passed values strcpy(OutString, argv[1]); This overflow can be avoided if you put the following code before strcpy(). if (strlen(argv[1])>99) exit(0);
While a tiny bounds check is usually important, IMHO it is more important to notice the coding style. The tiny snippet above tells me that the author of the original code doesn't have much of a clue. I don't mean just in regards to static buffer sizes, but also in regards to effeciency, memory utilization, or possibly even programming in C. Why didn't they use "char *outstring = argv[1];"? What do they do with Outstring, just pass it to atoi() to extract x? Or, perhaps, they even wrote their own version of atoi() with it's own errors. This code snippet has "I just learned C" all over it. I wouldn't be surprised if the original author didn't make dozens of similar mistakes. This is damning not only to this particular program, but also reflects on the quality and care that went into "OmniHTTPd 1.01 and Pro2.04". I don't know what those programs are, but if they were commercial packages, this could be a warning as to the possibility of their own weaknesses. The willingness of an author to ship such obviously broken code shows a distinct lack of professionalism. It's obvious they don't code review, which probably means they couldn't have done a security review. I'm not trying to pick on one program or author, but this is indicative of the state of software in general. This leads to one of the (usually) ignored keystones of that which, of late, has aquired the name "open source software". Having source doesn't just let you fix or extend software upon which you depend. Seeing the source code of a program can give valuable insight about the quality and skill that went into it's development. Shunning code and products from sources of low quality can help stem the tide of bugs, especially those that result in security vulnerabilities. John
Current thread:
- Imagemap CGI overflow exploit UNYUN (Oct 21)
- Re: Imagemap CGI overflow exploit John LoVerso (Oct 22)
- e/pop vulnerability chaos 255 (Oct 25)
- Re: Imagemap CGI overflow exploit Thomas Reinke (Oct 25)