[410] in WWW Security List Archive
Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
daemon@ATHENA.MIT.EDU (Doug Rosenthal)
Fri Feb 17 00:41:39 1995
Date: Thu, 16 Feb 95 20:21:45 CST
From: rosenthl@mcc.com (Doug Rosenthal)
To: www-security@ns2.rutgers.edu
In-Reply-To: <9502170149.AA15000@swindle.Berkeley.EDU> (message from Scott Silvey on Thu, 16 Feb 1995 17:49:32 -0800)
Reply-To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Scott> Any reason why the following wouldn't be an adequate fix?:
Scott> void strsubfirst(int start,char *dest, char *src) {
Scott>     char tmp[MAX_STRING_LEN];
Scott>
Scott>     strncpy(tmp,&dest[start],MAX_STRING_LEN);
Scott>     strcpy(dest,src);
Scott>     strncpy(&dest[strlen(src)],tmp,MAX_STRING_LEN);
Scott> }
Still seems like you could overflow dest, if src is larger
than the space allowed in dest before dest[start] (i.e. dest can't
hold both of the src and dest[start] strings).
- Doug
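
Added example, not part of the original message or of NCSA httpd: a bounded variant of the quoted routine that checks the condition Doug describes (src plus the tail at dest[start], plus the terminating NUL, must fit in dest) before anything is copied. The dest_size parameter, the function names and the sample paths are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes dest must hold after the substitution: src + tail from dest[start] + NUL.
 * Returns 0 if start lies beyond the end of the string currently in dest. */
size_t strsubfirst_needed(size_t start, const char *dest, const char *src)
{
    size_t dlen = strlen(dest);

    if (start > dlen)
        return 0;
    return strlen(src) + (dlen - start) + 1;
}

/* Hypothetical bounded variant: dest_size is the real capacity of dest.
 * src must not point into dest.
 * Returns 0 on success, -1 (dest left untouched) if the result would not fit. */
int strsubfirst_bounded(size_t start, char *dest, size_t dest_size, const char *src)
{
    size_t need = strsubfirst_needed(start, dest, src);
    size_t slen = strlen(src);

    if (need == 0 || need > dest_size)
        return -1;
    /* Move the tail and its NUL into place first; memmove handles the overlap. */
    memmove(dest + slen, dest + start, need - slen);
    memcpy(dest, src, slen);
    return 0;
}

int main(void)
{
    char roomy[32] = "/~user/x";   /* constructed sample input */
    char tight[12] = "/~user/x";   /* too small for the 13-byte result */

    printf("%d %s\n", strsubfirst_bounded(6, roomy, sizeof roomy, "/home/user"), roomy);
    printf("%d %s\n", strsubfirst_bounded(6, tight, sizeof tight, "/home/user"), tight);
    return 0;
}
```

strncpy pads with NULs up to the count it is given, so a length argument has to be the space actually remaining in dest rather than a fixed constant, which is why this variant takes dest_size.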