[3161] in bugtraq


Re: Possible bufferoverflow condition in lpr, xterm and xload

daemon@ATHENA.MIT.EDU (Peter Jeremy)
Wed Aug 14 16:06:50 1996

Date: 	Wed, 14 Aug 1996 13:26:04 +1000
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Peter Jeremy <jeremyp@gsms01.alcatel.com.au>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

Wolfram Schmidt <Wolfram.Schmidt@iao.fhg.de> wrote:
>Casper Dik <casper@holland.Sun.COM> wrote:
>]
>] Looks like a problem in X11R6: XOpenDisplay() (OpenDis.c) calls
>] a function in lib/X11/ConnDis.c which does a sprintf(address,....).
>] address is a static buffer of size 128.
>]
>] In X11R5 (and before??), there's also a sprintf but in a buffer
>] allocated with the proper size.
>
>Solaris 2.5 (said to be X11R5):
[fails test]

As further data points, the error doesn't occur on Solaris 2.4 (with
patches as of a few months ago).  It _does_ occur using a stock X11R5
xterm (off the O'Reilly CD-ROM) on SunOS 4.1.3, but doesn't with
Sun's xterm (I'm not certain exactly which version of OpenWindows I have
installed).

The fact that the problem can occur in X11R5 means that it's not solely
related to the code in _XConnectDisplay().

Peter
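
The two buffer-handling patterns contrasted in the quoted text (a fixed
128-byte buffer versus a buffer allocated with the proper size), as an added
example that is not part of the original post and is not the X11 source. The
function names and the "host:display" format are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ADDR_MAX 128 /* size of the static buffer mentioned in the thread */

/* Fixed-buffer form. The unbounded call would be
 *     sprintf(out, "%s:%d", host, display);
 * which writes past out[] once host is long enough. snprintf() bounds the
 * write and returns the length it needed, so truncation is detectable.
 * Returns 0 on success, -1 if the result does not fit in ADDR_MAX bytes. */
int format_address_fixed(char out[ADDR_MAX], const char *host, int display)
{
    int n = snprintf(out, ADDR_MAX, "%s:%d", host, display);
    if (n < 0 || n >= ADDR_MAX) {
        out[0] = '\0'; /* never hand back a silently truncated address */
        return -1;
    }
    return 0;
}

/* Sized-allocation form: measure, allocate exactly, then format.
 * Returns a malloc()ed string the caller frees, or NULL on failure. */
char *format_address_alloc(const char *host, int display)
{
    int n = snprintf(NULL, 0, "%s:%d", host, display);
    if (n < 0)
        return NULL;
    char *buf = malloc((size_t)n + 1);
    if (buf != NULL)
        snprintf(buf, (size_t)n + 1, "%s:%d", host, display);
    return buf;
}

int main(void)
{
    char fixed[ADDR_MAX], longhost[300]; /* longhost: constructed input */
    memset(longhost, 'A', sizeof longhost - 1);
    longhost[sizeof longhost - 1] = '\0';

    printf("short, fixed: %d\n", format_address_fixed(fixed, "localhost", 0));
    printf("long,  fixed: %d\n", format_address_fixed(fixed, longhost, 0));
    char *p = format_address_alloc(longhost, 0);
    printf("long,  alloc: %zu bytes\n", p ? strlen(p) : (size_t)0);
    free(p);
    return 0;
}
```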
