| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030108084646.60549.qmail@web10406.mail.yahoo.com>
From: woot_woot_root at yahoo.co.uk (mr elite)
Subject: bufferoverflow in client shipped with squid-2.5.STABLE1.tar.gz (latest) and below
Hello,
While testing various binarys on Redhat 8.0 i came
across a buffer overflow in the /usr/sbin/client
program that ships with squid. Redhat 8.0 ships with
squid-2.4.STABLE7-4.src.rpm i also looked at client.c
source for latest version which has same problem. The
problem is when suppling 8229 or more characters when
running /usr/sbin/client eg.
[fault@b0f fault]$ /usr/sbin/client `perl -e 'print
"A"x8229'`
Segmentation fault (core dumped)
[fault@b0f fault]$
after a quick look at code it seems to be overflowing
at the strcpy call.
<snips from code>
#define BUFSIZ 8192
char url[BUFSIZ], msg[BUFSIZ], buf[BUFSIZ];
else if (argc >= 2) {
strcpy(url, argv[argc - 1]);
if (url[0] == '-')
usage(argv[0]);
</snips from code>
FIX
-=-=-
- strcpy(url, argv[argc - 1]);
+ strncpy(url, argv[argc - 1], sizeof(BUFSIZ));
NOT A SECURITY ISSUE , JUST ANOTHER DUMB SEGFAULT
EOF
Alan M
(faulty)
www.b0f.net
---------------------------------
With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030108/f3fcf8e7/attachment.html
Powered by blists - more mailing lists