Bugtraq mailing list archives
Re: Possible bufferoverflow condition in lpr, xterm and xload
From: Wolfram.Schmidt () iao fhg de (Wolfram Schmidt)
Date: Tue, 13 Aug 1996 19:24:38 +0200
Casper Dik <casper () holland Sun COM> wrote:
]
] Looks like a problem in X11R6: XOpenDisplay() (OpenDis.c) calls
] a function in lib/X11/ConnDis.c which does a sprintf(address,....).
] address is a static buffer of size 128.
]
] In X11R5 (and before??), there's also a sprintf but in a buffer
] allocated with the proper size.
Solaris 2.5 (said to be X11R5):
$ xterm -display `perl -e "print 'abcde' x 500, ':0';"`
Error: Can't open display:
abcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcdeabcd
$ xterm -display `perl -e "print 'abcde' x 20000 , ':0';"`
Segmentation Fault
$ echo `perl -e "print 'abcde' x 20000 , ':0';"` | wc
1 1 100003
$
Don't konw if it's this very bug, but obviously something doesn't work.
-Wolfram
Current thread:
- Re: Possible bufferoverflow condition in lpr, xterm and xload Wolfram Schmidt (Aug 13)
- <Possible follow-ups>
- Re: Possible bufferoverflow condition in lpr, xterm and xload Jeff Uphoff (Aug 13)
- Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in Digital Dreamer (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in David DeSimone (Aug 14)
- Re: [linux-security] Re: Possible bufferoverflow condition in Vidar Madsen (Aug 15)
- Re: [linux-security] Re: Possible bufferoverflow condition in Shaun Lowry (Aug 16)
- Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
- The buggy realpath.c Alan Cox (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Nick Andrew (Aug 20)