lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 27 Feb 2004 15:08:50 -0500
From: Carson Gaspar <carson+bugtraq@...tos.org>
To: Ollivier Robert <roberto@...tia.freenix.fr>,
	bugtraq@...urityfocus.com
Subject: Re: Calife heap corrupt / potential local root exploit




--On Friday, February 27, 2004 16:49:34 +0000 Ollivier Robert 
<roberto@...tia.freenix.fr> wrote:

> In-Reply-To: <20040227091921.26210.qmail@....securityfocus.com>
>
>>            pt_pass = (char *) getpass ("Password:");
>>            memset (user_pass, '\0', l_size);
>>            strcpy (user_pass, pt_pass); // <- BAD CODE
>
> I could have used strlcpy but I assumed (and my reading of the FreeBSD
> source code confirm it) that getpass(3) was doing the size check.

This is why you shouldn't make such assumptions. Never assume someone else 
validated your input. If you want to write secure code, assume every 
function is under attack from every other function, because someday someone 
will change the program flow, bypassing your carefully crafted validation 
function and passing garbage to your insecure code. Outsourcing your 
validation to other code is the software equivalent of the hard outside / 
soft tasty center security model.

-- 
Carson

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ