Forwarding since I don't remember seeing it here.
David.
-- David Luyer Phone: +61 3 9674 7525 Network Development Manager P A C I F I C Fax: +61 3 9699 8693 Pacific Internet (Australia) I N T E R N E T Mobile: +61 4 1111 BYTE http://www.pacific.net.au/ NASDAQ: PCNTF ----- Original Message ----- From: mr elite To: full-disclosure@lists.netsys.com Sent: Wednesday, January 08, 2003 7:46 PM Subject: [Full-Disclosure] bufferoverflow in client shipped with squid-2.5.STABLE1.tar.gz (latest) and below Hello, While testing various binarys on Redhat 8.0 i came across a buffer overflow in the /usr/sbin/client program that ships with squid. Redhat 8.0 ships with squid-2.4.STABLE7-4.src.rpm i also looked at client.c source for latest version which has same problem. The problem is when suppling 8229 or more characters when running /usr/sbin/client eg. [fault@b0f fault]$ /usr/sbin/client `perl -e 'print "A"x8229'` Segmentation fault (core dumped) [fault@b0f fault]$ after a quick look at code it seems to be overflowing at the strcpy call. <snips from code> #define BUFSIZ 8192 char url[BUFSIZ], msg[BUFSIZ], buf[BUFSIZ]; else if (argc >= 2) { strcpy(url, argv[argc - 1]); if (url[0] == '-') usage(argv[0]); </snips from code> FIX -=-=- - strcpy(url, argv[argc - 1]); + strncpy(url, argv[argc - 1], sizeof(BUFSIZ)); NOT A SECURITY ISSUE , JUST ANOTHER DUMB SEGFAULT EOF Alan M (faulty) www.b0f.net With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needsReceived on Wed Jan 08 2003 - 06:55:27 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:19:06 MST