lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20040331214504.1123.qmail@www.securityfocus.com>
Date: 31 Mar 2004 21:45:04 -0000
From: Vade 79 <v9@...ehalo.deadpig.org>
To: bugtraq@...urityfocus.com
Subject: Re: cdp buffer overflow vulnerability


In-Reply-To: <20040331161611.75451.qmail@...25104.mail.ukl.yahoo.com>

for the patch you provided you should use sizeof(buffer), not strlen(buffer) (or 200) to limit the amount written to buffer[].

>--- songname.patch ---
>
>--- cdp.c       2004-03-31 15:48:55.000000000 +0100
>+++ cdp.1.c     2004-03-31 15:44:35.000000000 +0100
>@@ -154,7 +154,7 @@
>     for  ( ind = 0; ind < cdStatus.thiscd.ntracks;
>ind++ ) {
>         trk = &cdStatus.thiscd.trk[ ind ];
>         if  ( trk->songname != NULL ) {
>-            sprintf( buffer, "%s", trk->songname );
>+            snprintf( buffer, strlen(buffer), "%s",
>trk->songname );
>         } else
>             buffer[ 0 ] = 0;
>
>
>--- eof ---

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ