Bugtraq mailing list archives
Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability
From: Vade 79 <v9 () fakehalo deadpig org>
Date: 14 Aug 2003 19:05:19 -0000
In-Reply-To: <20030810011227.5888.qmail () www securityfocus com>
ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number */.............lol *strp = malloc(buflen); if (*strp) { va_list ap; va_start(ap, fmt); vsnprintf(*strp, buflen, fmt,
ap);..................................lol
getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow......
how do you figure? it uses the same buflen value to limit the amount written to the buffer in the vsnprintf call as it was allocated(cept didn't add space for the null byte)? am i missing something?
Current thread:
- PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability yan feng (Aug 11)
- <Possible follow-ups>
- Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability Vade 79 (Aug 14)