Bugtraq mailing list archives
Re: ftpd: the advisory version
From: barney () PIT DATABUS COM (Barney Wolff)
Date: Thu, 29 Jun 2000 14:53:13 -0400
This is incorrect. Solaris cc will make len very large, if the high bit of domain[0] is set. (Tested on Solaris 2.6) So, it's safe if char is unsigned, unsafe if char is signed. Barney Wolff Kasatenko Ivan Alex. sent:
void func_weak (char *domain) { unsigned char buff[2000]; size_t len = domain[0]; strncpy (&buff[0], &domain[1], len); buff[1999] = '\x00'; }It *is* safe, as far as the char type is concerned. And len cannot fall below zero and cannot grow above 255. (0 <= char <= 255, on most platforms) The size of buff is much more than 255. So this code is safe, in my opinion. The problem may reveal itself only on computers where char type is signed by default.
Current thread:
- Linux capability bounding set weakness, (continued)
- Linux capability bounding set weakness Patrick Reynolds (Jun 26)
- Re: Linux capability bounding set weakness Paul Wouters (Jun 27)
- Re: Linux capability bounding set weakness Matthew Kirkwood (Jun 27)
- Improved ARP sniffer Paul Starzetz (Jun 27)
- [suse-security-announce] SuSE Security Announcement: kernel-2.2.x (fwd) Daniel T. Chen (Jun 27)
- Re: ftpd: the advisory version Steven M. Bellovin (Jun 26)
- Re: ftpd: the advisory version Dan Harkless (Jun 27)
- Re: ftpd: the advisory version Teodor Cimpoesu (Jun 28)
- Re: ftpd: the advisory version Sebastian (Jun 28)
- Re: ftpd: the advisory version Kasatenko Ivan Alex. (Jun 29)
- Re: ftpd: the advisory version Barney Wolff (Jun 29)
- Re: ftpd: the advisory version Sebastian (Jun 29)
- (forw) Re: Netscape ftp Server (fwd) Elias Levy (Jun 29)
- Re: ftpd: the advisory version Juergen P. Meier (Jun 30)
- SecureXpert Advisory [SX-20000620-1] SecureXpert DIRECT Sender (Jun 30)
- SecureXpert Advisory [SX-20000620-3] SecureXpert DIRECT Sender (Jun 30)
- Linux capability bounding set weakness Patrick Reynolds (Jun 26)
- Re: ftpd: the advisory version Roger Espel Llima (Jun 28)
- Re: ftpd: the advisory version Kragen Sitaker (Jun 28)