lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: j at pureftpd.org (Jedi/Sector One)
Subject: DoS in PureFTPd

On Mon, Nov 10, 2003 at 04:35:06PM +0100, Adam Zabrocki wrote:
>     Vulnerability function is displayrate(). There is simple
> overflow bug (DoS):

  Killing one's own session is not a DoS.

          const size_t sizeof_resolved_path = MAXPATHLEN + 1U;	
          resolved_path[sizeof_resolved_path - 1U] = 0;	
>         if (realpath(name, resolved_path) == NULL) {
> ...
>         if (resolved_path[sizeof_resolved_path - 1U] != 0) {

  This realpath() doesn't fill more than MAXPATHLEN, including the zero, we
even have an extra byte here. The code you are talking about is not supposed
to be ever reached.

> Function realpath() is write by autor PureFTP.

  No.
  
/*
 * Copyright (c) 1994
 *      The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Jan-Simon Pendry.
 *

  Zok.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@...Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/


Powered by blists - more mailing lists