Vulnerability Development mailing list archives
Re: Possible syslogd DoS ?
From: Petr Baudis <pasky () pasky ji cz>
Date: Fri, 5 Oct 2001 20:05:15 +0200
..snip..
Fix: syslog(0, "%s", buffer);
agreed, sorry :-) ..snip..
Another fix, althought the point of the program is well demonstrated without it: for(;;) { fgets(buffer, sizeof(buffer), fp); buffer[1023] = 0; syslog(0, "%s", buffer); }
running slightly OT, but please tell me, what's the point of that? fgets() reads in at most one less than size characters from stream and stores them into the buffer pointed to by s. Reading stops after an EOF or a newline. If a newline is read, it is stored into the buffer. A '\0' is stored after the last character in the buffer. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ according to the manpage. -- Petr "Pasky" Baudis . . n = ((n >> 1) & 0x55555555) | ((n << 1) & 0xaaaaaaaa); n = ((n >> 2) & 0x33333333) | ((n << 2) & 0xcccccccc); n = ((n >> 4) & 0x0f0f0f0f) | ((n << 4) & 0xf0f0f0f0); n = ((n >> 8) & 0x00ff00ff) | ((n << 8) & 0xff00ff00); n = ((n >> 16) & 0x0000ffff) | ((n << 16) & 0xffff0000); -- C code which reverses the bits in a word. . . My public PGP key is on: http://pasky.ji.cz/~pasky/pubkey.txt -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GCS d- s++:++ a--- C+++ UL++++$ P+ L+++ E--- W+ N !o K- w-- !O M- !V PS+ !PE Y+ PGP+>++ t+ 5 X(+) R++ tv- b+ DI(+) D+ G e-> h! r% y? ------END GEEK CODE BLOCK------
Current thread:
- Possible syslogd DoS ? Petr Baudis (Oct 03)
- Re: Possible syslogd DoS ? Crist J. Clark (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? VeNoMouS (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- Re: Possible syslogd DoS ? H D Moore (Oct 05)
- Re: Possible syslogd DoS ? Tim Walberg (Oct 05)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 05)
- AnalogX Proxy SMTP server relay Claymore (Oct 05)
- Re: AnalogX Proxy SMTP server relay Joe Stewart (Oct 06)
- Re: Possible syslogd DoS ? Robert van der Meulen (Oct 04)
- Re: Possible syslogd DoS ? White Vampire (Oct 04)
- Re: Possible syslogd DoS ? Pavel Kankovsky (Oct 07)
- Re: Possible syslogd DoS ? Thiago Conde Figueiro (Oct 04)
- <Possible follow-ups>
- RE: Possible syslogd DoS ? Brian McKinney (Oct 04)
- Re: Possible syslogd DoS ? Petr Baudis (Oct 04)