|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: FW: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd
From: Oliver Friedrichs (of
SECURITYFOCUS.COM)Date: Thu Nov 16 2000 - 11:28:59 CST
- Next message: Tom: "Re: code auditing tools"
- Previous message: Oliver Friedrichs: "code auditing tools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Here's a good example of how NOT to use sizeof()
-----Original Message-----
From: Christos Zoulas [mailto:christosZOULAS.COM]
Sent: Wednesday, November 15, 2000 2:55 PM
To: BUGTRAQSECURITYFOCUS.COM
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd
On Nov 14, 2:30pm, security-advisoriesFREEBSD.ORG (FreeBSD Security
Advisories) wrote:
-- Subject: FreeBSD Security Advisory: FreeBSD-SA-00:69.telnetd
The code below is incorrect at least on the version of telnetd I
am looking at. A few lines above the uni-diff "line" is declared
to be "extern char *" thus sizeof(line) will return sizeof(char *),
which is not what is clearly wrong. Also the patch is missing a
few more possible buffer overflows that may or may not be significant.
christos
| --- telnetd.c 2000/01/25 14:52:00 1.22
| +++ telnetd.c 2000/10/31 05:29:54 1.23
| -811,7 +811,7
| fatal(net, "Out of ptys");
|
| if ((pty = open(lp, 2)) >= 0) {
| - strcpy(line,lp);
| + strlcpy(line,lp,sizeof(line));
| line[5] = 't';
| break;
| }
- Next message: Tom: "Re: code auditing tools"
- Previous message: Oliver Friedrichs: "code auditing tools"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]