Bugtraq mailing list archives

Re: Possible bufferoverflow condition in lpr, xterm and xload

From: jeremyp () gsms01 alcatel com au (Peter Jeremy)
Date: Wed, 14 Aug 1996 13:26:04 +1000


Wolfram Schmidt <Wolfram.Schmidt () iao fhg de> wrote:

Casper Dik <casper () holland Sun COM> wrote:
]
] Looks like a problem in X11R6: XOpenDisplay() (OpenDis.c) calls
] a function in lib/X11/ConnDis.c which does a sprintf(address,....).
] address is a static buffer of size 128.
]
] In X11R5 (and before??), there's also a sprintf but in a buffer
] allocated with the proper size.

Solaris 2.5 (said to be X11R5):

[fails test]

As further data points, the error doesn't occur on Solaris 2.4 (with
patches as of a few months ago).  It _does_ occur using a stock X11R5
xterm (off the O'Reilly CD-ROM) on SunOS 4.1.3, but doesn't with
Sun's xterm (I'm not certain exactly which version of OpenWindows I have
installed).

The fact that the problem can occur in X11R5 means that its not solely
related to the code in _XConnectDisplay().

Peter

Current thread:

Re: Possible bufferoverflow condition in lpr, xterm and xload Wolfram Schmidt (Aug 13)
- <Possible follow-ups>
- Re: Possible bufferoverflow condition in lpr, xterm and xload Jeff Uphoff (Aug 13)
  - Re: [linux-security] Re: Possible bufferoverflow condition in Mike Jackson (Aug 14)
    - Re: [linux-security] Re: Possible bufferoverflow condition in Digital Dreamer (Aug 14)
    - Re: [linux-security] Re: Possible bufferoverflow condition in David DeSimone (Aug 14)
    - Re: [linux-security] Re: Possible bufferoverflow condition in Vidar Madsen (Aug 15)
    - Re: [linux-security] Re: Possible bufferoverflow condition in Shaun Lowry (Aug 16)
  - The buggy realpath.c Alan Cox (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Peter Jeremy (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Zygo Blaxell (Aug 20)
  - Re: Possible bufferoverflow condition in lpr, xterm and xload Nick Andrew (Aug 20)