lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 14 Aug 2003 19:05:19 -0000 From: Vade 79 <v9@...ehalo.deadpig.org> To: bugtraq@...urityfocus.com Subject: Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env Buffer Overflow Vulnerability In-Reply-To: <20030810011227.5888.qmail@....securityfocus.com> > ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number >*/.............lol > *strp = malloc(buflen); > > if (*strp) > { > va_list ap; > va_start(ap, fmt); > vsnprintf(*strp, buflen, fmt, ap);..................................lol >getenv("HOME") >50*strlen(%s/.dsh/dsh.conf) ......buf overflow...... how do you figure? it uses the same buflen value to limit the amount written to the buffer in the vsnprintf call as it was allocated(cept didn't add space for the null byte)? am i missing something?
Powered by blists - more mailing lists