Buffer overflow in uucpd.c/do_login()
From: Tim Rühsen
Subject: Buffer overflow in uucpd.c/do_login()
Date: Sun, 16 Feb 2020 20:12:26 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2

L411-L414:

    strcpy (line, remotehost);
    SCPYN (ll.ll_line, line);
    SCPYN (ll.ll_host, remotehost);
    write (f, (char *) &ll, sizeof (ll));

'remotehost' is either 64 bytes or 1025 (depends on the code paths
protected by #ifdef). 'line' is only 32 bytes. I have no idea about
L411 - if it's an accident or on (what?) purpose.

Apart from that, the two calls to SCPYN() *may* not 0-terminate the
strings ll.ll_line and ll.ll_host in every case (if line or remotehost
have lengths >= the destination).

A few lines above:

    # define SCPYN(a, b) strncpy(a, b, sizeof (a))

Regards, Tim
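
The two points in the message above, as an added example that is not part of the original message and is not code from uucpd.c: a bounded copy that could stand in for the unbounded strcpy() into the 32-byte 'line', and a check showing that the quoted SCPYN macro leaves a field unterminated when the source is at least as long as the destination. The names copy_bounded, field_terminated, scpyn_unterminated, LINE_SZ and HOST_SZ are hypothetical; the sizes are the ones stated in the message and the host names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define LINE_SZ 32    /* size of 'line' given in the message */
#define HOST_SZ 1025  /* larger 'remotehost' size given in the message */

/* Same definition as the SCPYN macro quoted in the message. */
#define SCPYN(a, b) strncpy(a, b, sizeof (a))

/* Hypothetical helper: copy at most dstsz-1 bytes and always NUL-terminate.
   Returns 0 if src fit, -1 if it was truncated (or dstsz is 0). */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0) return -1;
    if (n >= dstsz) {
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hypothetical helper: 1 if a fixed-width field contains a NUL byte. */
static int field_terminated(const char *field, size_t sz)
{
    return memchr(field, '\0', sz) != NULL;
}

/* Constructed input: a 40-character host name copied with SCPYN into a
   32-byte field. Returns 1 if the field ends up without a terminator. */
static int scpyn_unterminated(void)
{
    char host[HOST_SZ], field[LINE_SZ];
    memset(host, 'a', 40);
    host[40] = '\0';
    SCPYN(field, host);
    return !field_terminated(field, sizeof field);
}

int main(void)
{
    char line[LINE_SZ];
    int rc = copy_bounded(line, sizeof line, "constructed-host-name-longer-than-31-bytes.example");
    printf("SCPYN unterminated: %d\n", scpyn_unterminated());
    printf("copy_bounded rc=%d len=%zu\n", rc, strlen(line));
    return 0;
}
```

A caller can treat the -1 return as a reason to reject or log the over-long host name instead of silently truncating it.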