| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070323.3866c0ba0b0bf47ab7f0428018140f65@cynops.de>
Date: Fri, 23 Mar 2007 18:14:25 +0100
From: Alexander Klink <a.klink@...ops.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: dproxy - arbitrary code execution through
stack buffer overflow vulnerability
Hi,
On Fri, Mar 23, 2007 at 04:54:33PM +0000, mu-b wrote:
> you might want to NULL terminate query_string while your there....
Good point (C is not exactly my native language ...). Actually, it
is not necessary in this case though, because this is done in
the decode_domain_name() function that is executed right below:
> > - strcpy( query_string, pkt.buf );
> > + strncpy( query_string, pkt.buf, sizeof(query_string) );
> > decode_domain_name( query_string );
> > debug("query: %s\n", query_string );
Granted, I only figured that out after looking why it was working
despite the \0-omission :-)
Regards,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer | a.klink@...ops.de
mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de
----------------------------+----------------------+---------------------
HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer:
Bad Homburg v. d. Höhe | | Martin Bartosch
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists