lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 23 Mar 2007 18:14:25 +0100
From: Alexander Klink <a.klink@...ops.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: dproxy - arbitrary code execution through
	stack buffer overflow vulnerability

Hi,

On Fri, Mar 23, 2007 at 04:54:33PM +0000, mu-b wrote:
> you might want to NULL terminate query_string while your there....
Good point (C is not exactly my native language ...). Actually, it
is not necessary in this case though, because this is done in
the decode_domain_name() function that is executed right below:

> > -  strcpy( query_string, pkt.buf );
> > +  strncpy( query_string, pkt.buf, sizeof(query_string) );
> >    decode_domain_name( query_string );
> >    debug("query: %s\n", query_string );

Granted, I only figured that out after looking why it was working
despite the \0-omission :-)

Regards,
    Alex
-- 
Dipl.-Math. Alexander Klink | IT-Security Engineer |    a.klink@...ops.de
 mobile: +49 (0)178 2121703 |          Cynops GmbH | http://www.cynops.de
----------------------------+----------------------+---------------------
      HRB 7833, Amtsgericht | USt-Id: DE 213094986 |     Geschäftsführer:
     Bad Homburg v. d. Höhe |                      |      Martin Bartosch

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ