|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
lha buffer overflow(s) again
lw
wszia.edu.pl
Date: Sat May 15 2004 - 06:09:00 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
i posted it yesterday to bugsredhat.com but mailbox is disabled for that recipient :-/
Date: Sat, 15 May 2004 00:24:09 +0200 (CEST)
From: Lukasz Wojtow <gnzstudent.wszia.edu.pl>
To: bugsredhat.com
Subject: LHA buffer overflow (not the last one already fixed)
it seems that lha is quite poorly written. after your last advisory, i
decided to take a look at the code and found 2 BO in function extract_one
(file lhext.c):
if (extract_directory)
sprintf(name, "%s/%s", extract_directory, q);
else
strcpy(name, q);
i bet there is more...
Regards
Lukasz Wojtow
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]