Re: Potential vulnerabilities in GDB 7.8

bug-gdb

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Potential vulnerabilities in GDB 7.8

From:	Sergio Durigan Junior
Subject:	Re: Potential vulnerabilities in GDB 7.8
Date:	Thu, 21 Aug 2014 11:05:55 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

On Wednesday, August 20 2014, Hádrian R wrote:

> Hi, I'm Kaiwaiata, since more than 2h searching and finding various
> possible vulnerabilities in source code of GDB..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..

Hello Kaiwaiata,

Thanks for the message.  However, this list is not used by GDB folks
anymore.  I recommend you to post your message on <address@hidden>.

> unsafe use of *strcpy()* in *int net_open (.. ..){**:*
>
> *gdb-7.8.tar\gdb\ser-tcp.c:*
> *    line 187: *strncpy (hostname, name, tmp);
> *    line 187: *strcpy (hostname, "localhost");

You could even post a patch fixing this, if you want.  To do that, send
the patch to <address@hidden>.

Thanks,

-- 
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/

[Prev in Thread]

Current Thread

[Next in Thread]

Potential vulnerabilities in GDB 7.8, Hádrian R, 2014/08/21
- Re: Potential vulnerabilities in GDB 7.8, Sergio Durigan Junior <=

Prev by Date: Displaying structure members named like C keywords.
Next by Date: Re: Displaying structure members named like C keywords.
Previous by thread: Potential vulnerabilities in GDB 7.8
Next by thread: Displaying structure members named like C keywords.
Index(es):
- Date
- Thread