[25163] in bugtraq
Re: Remote buffer overflow in Webalizer
daemon@ATHENA.MIT.EDU (Lars Hecking)
Thu Apr 18 23:26:45 2002
Date: Wed, 17 Apr 2002 11:06:58 +0100
From: Lars Hecking <lhecking@nmrc.ie>
To: bugtraq@securityfocus.com
Message-ID: <20020417100658.GA19046@nmrc.ie>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020415225916.13076.qmail@ns364.ovh.net>
Franck Coppola writes:
> Here is a patch to fix the vulnerability (tested against
> webalizer-2.01-06).
> Franck
I assume the fact that the patch was in some mangled, binary-ish format
was the reason why it slipped through to the list. It is quite obviously
wrong (see man strncpy()).
|--- dns_resolv.c Tue Apr 16 00:53:19 2002
|***************
|*** 445,449 ****
| size,strlen(res_ent->h_name));
|
|! strcpy(child_buf, res_ent->h_name);
| size = strlen(child_buf);
| }
|--- 445,449 ----
| size,strlen(res_ent->h_name));
|
|! strncpy(child_buf, res_ent->h_name, MAXHOST);
| size = strlen(child_buf);
| }
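Review bot: the replacement line `strncpy(child_buf, res_ent->h_name, MAXHOST);` leaves child_buf without a terminating NUL whenever h_name is MAXHOST bytes or longer, and the next line, `size = strlen(child_buf);`, then reads past the end of the buffer. strncpy() only writes a terminator when the source is shorter than the count. Suggested change: copy at most MAXHOST-1 bytes and set `child_buf[MAXHOST-1] = '\0';` before the strlen() call, or reject names that do not fit. This assumes child_buf is MAXHOST bytes, which the hunk does not show; if it is a local array, bounding by sizeof(child_buf) would tie the limit to the real size.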