[32661] in bugtraq

home help back first fref pref prev next nref lref last post

Re: GnuPG 1.2.3, 1.3.3 external HKP interface format string issue

daemon@ATHENA.MIT.EDU (David Shaw)
Wed Dec 3 14:41:46 2003

Date: Wed, 3 Dec 2003 13:48:16 -0500
From: David Shaw <dshaw@jabberwocky.com>
To: bugtraq <bugtraq@securityfocus.com>
Message-ID: <20031203184816.GE11489@jabberwocky.com>
Mail-Followup-To: bugtraq <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <3FCDE57E.3050601@s-quadra.com>

On Wed, Dec 03, 2003 at 04:30:38PM +0300, S-Quadra Security Research wrote:
>      if(gotit)
>        {
>          // S-Quadra: here is where format string bug lives
>          fprintf(output,line);
>          if(strcmp(line,"-----END PGP PUBLIC KEY BLOCK-----\n")==0)
>            break;
>        }

This one is indeed a problem.

>      if(strcmp(line,"-----BEGIN PGP PUBLIC KEY BLOCK-----\n")==0)
>        {
>          // S-Quadra: here is where format string bug lives
>          fprintf(output,line);
>          gotit=1;
>        }

But this one is not.  You can't get to the dangerous fprintf without
"line" being verified as safe.

David
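The distinction David draws above, as an added example that is not code from the original post or from GnuPG itself: the loop copies the armored key block received from a keyserver, but writes each line with fputs() so server-supplied text is never used as a format string. In the BEGIN branch, strcmp() has already proved the line equals a constant containing no '%', which is why the original fprintf(output,line) there is harmless; in the in-block branch the line is arbitrary, so only the data-only write is safe. The function names, the line-array interface and the sample lines are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define BEGIN_BLOCK "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
#define END_BLOCK   "-----END PGP PUBLIC KEY BLOCK-----\n"

/* Hardened write: the line is always passed as data, never as a format.
   (Equivalent alternative: fprintf(output, "%s", line).) */
static void write_key_line(FILE *output, const char *line)
{
    fputs(line, output);
}

/* Mirrors the quoted loop: lines[] stands in for the text read from the
   HKP server (assumed interface).  Returns the number of lines written,
   BEGIN and END armor lines included. */
int copy_armored_block(FILE *output, const char *const *lines, size_t nlines)
{
    int gotit = 0;
    int written = 0;

    for (size_t i = 0; i < nlines; i++) {
        const char *line = lines[i];

        if (gotit) {
            /* Untrusted content: this is the spot where fprintf(output,line)
               would interpret '%' sequences chosen by the server. */
            write_key_line(output, line);
            written++;
            if (strcmp(line, END_BLOCK) == 0)
                break;
        }

        if (strcmp(line, BEGIN_BLOCK) == 0) {
            /* Reached only when line is byte-for-byte the constant header,
               so even fprintf(output,line) could not be influenced here. */
            write_key_line(output, line);
            gotit = 1;
            written++;
        }
    }
    return written;
}

/* Review helper: would this string be dangerous as a printf format?
   Any '%' is enough to reject it for that use. */
int has_format_directive(const char *s)
{
    return strchr(s, '%') != NULL;
}

int main(void)
{
    /* Constructed keyserver response, including a line with '%' sequences. */
    const char *const lines[] = {
        "HTTP noise before the key\n",
        BEGIN_BLOCK,
        "Version: constructed-sample\n",
        "%x %x %s\n",
        END_BLOCK,
        "trailing text the loop never copies\n",
    };
    int n = copy_armored_block(stdout, lines, sizeof lines / sizeof lines[0]);
    printf("lines written: %d\n", n);
    return 0;
}
```

Running it shows the "%x %x %s" line reproduced verbatim, which is exactly what the fputs() path guarantees and the original fprintf() path did not.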
