[3141] in bugtraq


Re: Possible bufferoverflow condition in lpr, xterm and xload

daemon@ATHENA.MIT.EDU (Wolfram Schmidt)
Tue Aug 13 18:38:08 1996

Date: 	Tue, 13 Aug 1996 19:24:38 +0200
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Wolfram Schmidt <Wolfram.Schmidt@iao.fhg.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

Casper Dik <casper@holland.Sun.COM> wrote:
]
] Looks like a problem in X11R6: XOpenDisplay() (OpenDis.c) calls
] a function in lib/X11/ConnDis.c which does a sprintf(address,....).
] address is a static buffer of size 128.
]
] In X11R5 (and before??), there's also a sprintf but in a buffer
] allocated with the proper size.


Solaris 2.5 (said to be X11R5):

$ xterm -display `perl -e "print 'abcde' x 500, ':0';"`
Error: Can't open display: abcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcd
$ xterm -display `perl -e "print 'abcde' x 20000 , ':0';"`
Segmentation Fault
$ echo `perl -e "print 'abcde' x 20000 , ':0';"` | wc
       1       1  100003
$

Don't know if it's this very bug, but obviously something doesn't work.

-Wolfram
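
The two buffer-handling patterns contrasted in the quoted text (a fixed 128-byte buffer versus a buffer allocated to fit), written defensively as an added example; this is not code from the post or from the X11 sources. The function names and the "%s:%d" address format are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ADDR_BUF 128  /* size of the static buffer named in the post */

/* Pattern 1: keep the fixed buffer, but bound the write and treat
 * truncation as an error. Returns 0 on success, -1 if it does not fit. */
int format_addr_fixed(char out[ADDR_BUF], const char *host, int dpy)
{
    int n = snprintf(out, ADDR_BUF, "%s:%d", host, dpy);
    if (n < 0 || n >= ADDR_BUF) {
        out[0] = '\0';           /* never hand back a truncated address */
        return -1;
    }
    return 0;
}

/* Pattern 2: size the buffer from the input. Caller frees; NULL on error. */
char *format_addr_alloc(const char *host, int dpy)
{
    int n = snprintf(NULL, 0, "%s:%d", host, dpy);  /* measure first */
    if (n < 0) return NULL;
    char *buf = malloc((size_t)n + 1);
    if (buf == NULL) return NULL;
    snprintf(buf, (size_t)n + 1, "%s:%d", host, dpy);
    return buf;
}

/* Constructed input mirroring the post: 'abcde' repeated `reps` times. */
char *make_long_host(size_t reps)
{
    char *h = malloc(reps * 5 + 1);
    if (h == NULL) return NULL;
    for (size_t i = 0; i < reps; i++) memcpy(h + i * 5, "abcde", 5);
    h[reps * 5] = '\0';
    return h;
}

int main(void)
{
    char fixed[ADDR_BUF];
    char *host = make_long_host(500);
    if (host == NULL) return 1;
    char *dyn = format_addr_alloc(host, 0);
    printf("fixed rc=%d, alloc len=%zu\n",
           format_addr_fixed(fixed, host, 0), dyn ? strlen(dyn) : (size_t)0);
    free(dyn); free(host);
    return 0;
}
```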
