[31192] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env

daemon@ATHENA.MIT.EDU (Vade 79)
Thu Aug 14 17:46:21 2003

Date: 14 Aug 2003 19:05:19 -0000
Message-ID: <20030814190519.19809.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Vade 79 <v9@fakehalo.deadpig.org>
To: bugtraq@securityfocus.com

In-Reply-To: <20030810011227.5888.qmail@www.securityfocus.com>

>  ssize_t buflen = 50 * strlen(fmt); /* pick a number, any number 
>*/.............lol
>  *strp = malloc(buflen);
>
>  if (*strp)
>  {
>    va_list ap;
>    va_start(ap, fmt);
>    vsnprintf(*strp, buflen, fmt, 
ap);..................................lol

>getenv("HOME") >50*strlen(%s/.dsh/dsh.conf)  ......buf overflow......

how do you figure? it uses the same buflen value to limit the amount 
written to the buffer in the vsnprintf call as it was allocated(cept 
didn't add space for the null byte)? am i missing something?


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[31192] in bugtraq

Re: PST Linux Advisor--------Dsh-0.24.0 in debian has a home env

daemon@ATHENA.MIT.EDU (Vade 79)Thu Aug 14 17:46:21 2003

daemon@ATHENA.MIT.EDU (Vade 79)
Thu Aug 14 17:46:21 2003