[4775] in bugtraq
Getpwnam bus error.. is this patched?
daemon@ATHENA.MIT.EDU (Charles Howes)
Tue Jun 24 00:28:50 1997
Date: Mon, 23 Jun 1997 18:04:19 -0700
Reply-To: Charles Howes <croot@ICS.BC.CA>
From: Charles Howes <croot@ICS.BC.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.GSO.3.96.970616175612.18871A-100000@mailrus.fv.com>
I'm a little behind in the patches. This program dies on Solaris 2.5;
is this already patched, or is it news that getpwnam() has an
overflowable buffer?
-----------------------------------------------------------------------------
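#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <signal.h>

/* SIGBUS handler: report that getpwnam() crashed, then exit. */
void foobomb(int sig)
{
    (void)sig;
    printf("Uhoh... getpwnam() died.\n");
    exit(1);
}

int main(void)
{
    char buf[20000];
    struct passwd *pw;

    /* Build a 19990-character user name and terminate it, so that
       getpwnam() is handed a valid C string. */
    memset(buf, 'a', 19990);
    buf[19990] = '\0';

    signal(SIGBUS, foobomb);
    pw = getpwnam(buf);
    signal(SIGBUS, SIG_IGN);
    if (!pw)
    {
        printf("Success, no user was found.\n");
    }
    else
    {
        printf("What the... a user was found?\n");
        printf(" user: %.100s\n", pw->pw_name);
    }
    return 0;
}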
-----------------------------------------------------------------------------
--
Charles Howes -- chowes@ics.bc.ca
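
Added example, not part of the original post and not the poster's code: a caller-side guard that rejects over-long or malformed names before they reach the libc lookup, then calls getpwnam_r() with a caller-supplied buffer. The helper name safe_lookup_user() and the 32-character cap MAX_LOGIN_LEN are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed cap on login-name length; not a value taken from the post. */
#define MAX_LOGIN_LEN 32

/* Hypothetical helper. Returns 0 = found (uid stored), 1 = no such user,
 * -1 = name rejected or lookup error. */
int safe_lookup_user(const char *name, uid_t *uid_out)
{
    struct passwd pwd, *result = NULL;
    size_t len = 0;
    long buflen;
    char *buf;
    int rc;

    if (name == NULL || uid_out == NULL)
        return -1;
    /* Bounded scan: stop at MAX_LOGIN_LEN + 1 so a huge input is never walked. */
    while (len <= MAX_LOGIN_LEN && name[len] != '\0') {
        unsigned char c = (unsigned char)name[len];
        /* Reject spaces, control and non-ASCII bytes, and passwd/path separators. */
        if (c < 0x21 || c > 0x7e || c == ':' || c == '/')
            return -1;
        len++;
    }
    if (len == 0 || len > MAX_LOGIN_LEN)
        return -1;

    buflen = sysconf(_SC_GETPW_R_SIZE_MAX);
    if (buflen <= 0)
        buflen = 16384;              /* fallback when the system gives no hint */
    buf = malloc((size_t)buflen);
    if (buf == NULL)
        return -1;
    rc = getpwnam_r(name, &pwd, buf, (size_t)buflen, &result);
    if (rc == 0 && result != NULL)
        *uid_out = pwd.pw_uid;       /* copy out before the buffer is freed */
    free(buf);
    if (rc != 0)
        return -1;
    return result != NULL ? 0 : 1;
}
```

The 19990-byte name from the test program above is rejected after 33 bytes have been examined, so it never reaches the library routine.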