| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Apr 2004 17:57:14 -0300 From: "Carlos Eduardo Pinheiro" <cbc99@....com.br> To: "Didier Arenzana" <darenzana@...oo.fr>, "Shaun Colley" <shaunige@...oo.co.uk>, <bugtraq@...urityfocus.com> Subject: Re: GNU Sharutils buffer overflow vulnerability. btw.. you´re still overwriting 1 byte after the bounds of output_base_name, output_base_name[sizeof(output_base_name)-1] = '\0'; will be sane... ----- Original Message ----- From: "Didier Arenzana" <darenzana@...oo.fr> To: "Shaun Colley" <shaunige@...oo.co.uk>; <bugtraq@...urityfocus.com> Sent: Wednesday, April 07, 2004 5:03 AM Subject: Re: GNU Sharutils buffer overflow vulnerability. > --- Shaun Colley <shaunige@...oo.co.uk> a écrit : > > Product: GNU Sharutils - > > Hello, > I've juste read your advisory, and I'd like to advise your patch is > incomplete: > > > [...] > > case 'o': > > - strcpy (output_base_name, optarg); > > + strncpy (output_base_name, optarg, > > sizeof(output_base_name)); > > You must add > > output_base_name[sizeof(output_base_name)]='\0' ; > > here, otherwize your string will not be null-termminated when optarg is too > long. > > Regards, > Didier. > > > > > > > > Yahoo! Mail : votre e-mail personnel et gratuit qui vous suit partout ! > Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ > > Dialoguez en direct avec vos amis grâce à Yahoo! Messenger !Téléchargez Yahoo! Messenger sur http://fr.messenger.yahoo.com >
Powered by blists - more mailing lists