Subject: Re: some things to play with
From: typo@scene.at
Date: Thu Jul 13 2000 - 14:36:43 CDT
On Thu, Jul 13, 2000 at 07:37:46PM +0100, Athanasius wrote:
> i.e. b2 was running it without further arguments, so chage used argv[0]
> in that Usage message.
wrong:
directly from glibc2.1.3:
    /* Entry point for printing other strings.  */                    \
    LABEL (print_string):                                             \
                                                                      \
      if (string == NULL)                                             \
        {                                                             \
          /* Write "(null)" if there's space.  */                     \
          if (prec == -1 || prec >= (int) sizeof (null) - 1)          \
            {                                                         \
              string = (char *) null;                                 \
              len = sizeof (null) - 1;                                \
    ...
so this wouldn't crash, but print (null).
the problem is present in strrchr.S in glibc (at least in sysdeps/i386):
L(19): movl (%esi), %edx /* get word (= 4 bytes) in question */
with %esi being 0x00000000.
I'm not sure if it's correct to blame it on libc, but an additional check
won't hurt. My patched tesolibc (which includes various other security patches)
has this check in sysdeps/i386/strrchr.S:
movl 12(%esp), %esi /* get string pointer */
movl 16(%esp), %ecx /* get character we are looking for */
+ orl %esi, %esi
+ jz L(2)
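Review bot: the early exit to L(2) on a NULL pointer jumps into a path the excerpt does not show; because the string pointer is read from 12(%esp), two registers were pushed on entry, so L(2) must pop them and leave 0 in %eax before returning, or the caller's saved registers are corrupted. It would also help to state next to the check that it only catches a literal NULL pointer, not any other invalid address, which is consistent with calling it an "additional check" rather than a fix for the caller.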
-- so much entropy, so little time
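The application-side counterpart of the check discussed above, as an added example that is not code from the original post, from chage or from glibc: a usage-message helper that never hands a NULL argv[0] to strrchr(). The function name usage_progname and the fallback argument are assumptions for this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not from the original post, chage or glibc).
 * A process started via execve() with an empty argv has argc == 0 and
 * argv[0] == NULL. printf("%s", NULL) in glibc prints "(null)", but
 * strrchr(NULL, '/') dereferences the null pointer, which is the crash
 * described in the thread. This helper checks before calling strrchr(). */
const char *usage_progname(int argc, char *const argv[], const char *fallback)
{
    const char *name;
    const char *slash;

    /* Empty argv or empty argv[0]: use the fixed fallback name instead. */
    if (argc < 1 || argv == NULL || argv[0] == NULL || argv[0][0] == '\0')
        return fallback;

    name = argv[0];
    slash = strrchr(name, '/');   /* safe here: name is a valid C string */
    if (slash != NULL && slash[1] != '\0')
        name = slash + 1;         /* strip the directory part, if any */
    return name;
}

int main(int argc, char *argv[])
{
    /* Works even when argc == 0 and argv[0] == NULL. */
    printf("Usage: %s [options] user\n", usage_progname(argc, argv, "chage"));
    return 0;
}
```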