Re: [bug-inetutils] Buffer overflow on tftpd?
From: Mats Erik Andersson
Subject: Re: [bug-inetutils] Buffer overflow on tftpd?
Date: Sun, 2 Feb 2020 22:54:40 +0100
User-agent: Mutt/1.5.23 (2014-03-12)
Dear Ricardo Ribalda,
thank you very much for the report, and please excuse my late response.
On Thursday, 18 July 2019, at 14:34, Ricardo Ribalda Delgado wrote:
> I have compiled tftpd with gcc 8.3 and Glibc 2.29. I use it with
> xinetd 2.3.15. When I request an inexistent file from the server, the
> server dies with:
>
> *** buffer overflow detected ***
Is this read off a syslog file like `daemon.log'?
Is it verbatim with asterisks?
Was that `get missing-file' the very first action?
> After some debugging I figured out that the error is in nack(error) at:
>
> strcpy (tp->th_msg, pe->e_msg);
>
> However much I look at the code, I cannot find the overflow. buff has
> enough space to fetch 15 bytes, but maybe I am too old for this kind
> of bug :)
I have not been able to reproduce the failure, in spite of investing
too many hours in finding weak points, and using GNU/Linux (older than
your issue), OpenIndiana, and FreeBSD. In the process, two possibilities
were strlen(NULL) and strcpy(s1, NULL), but visual back tracking did
not disclose even a remote possibility of either. At the moment I have
no idea where to look, but will bear it in mind.
Best regards,
Mats E Andersson