Bugtraq mailing list archives
buffer overflows in cracklib?!
From: jlewis () inorganic5 fdt net (Jon Lewis)
Date: Sun, 14 Dec 1997 03:06:25 -0500
While looking at compiling the latest shadow utils with cracklib support, I was kind of surprised when gcc complained about things like: fascist.c:220: warning: passing arg 2 of `strcpy' makes pointer from integer without a cast strcpy in security software...hmm....so I took a look at fascist.c and was pretty surprised to find: char gbuffer[STRINGSIZE]; ... strcpy(gbuffer, Lowercase(pwp->pw_gecos)); STRINGSIZE is defined in cracklib/packer.h:#define STRINGSIZE 256 So...to test this, I used chfn on a Red Hat 4.2 system to set my full-name to a string of about 300+ chars, and tried to change my passwd. $ chfn Changing finger information for jlewis. Password: Name [hmm]: 11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111 Office []: Office Phone []: Home Phone []: Finger information changed. $ passwd Changing password for jlewis (current) UNIX password: New UNIX password: Segmentation fault $ I took a look at Aleph One's Smashing the Stack paper, but got nowhere since chfn (at least on RH 4.2) won't let me have control characters in the gecos field. Still, shouldn't cracklib be fixed? I'm not installing it without some sprintf->snprintf mods. ------------------------------------------------------------------ Jon Lewis <jlewis () fdt net> | Unsolicited commercial e-mail will Network Administrator | be proof-read for $199/message. Florida Digital Turnpike | ______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
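The copy quoted in the post above, rewritten with a length check, as an added example that is not part of the original message or of cracklib. `bounded_lower_copy` and `try_name_length` are hypothetical names, and the lowercasing is done inline rather than through cracklib's `Lowercase()`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define STRINGSIZE 256  /* value the post quotes from cracklib/packer.h */

/* Hypothetical helper, not cracklib's API: lowercase-copy src into dst
 * (dstsize bytes). Returns 0 on success, -1 if src plus its NUL does not
 * fit; dst is then an empty string, never a truncated or unterminated one. */
int bounded_lower_copy(char *dst, size_t dstsize, const char *src)
{
    size_t i;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    for (i = 0; src[i] != '\0'; i++) {
        if (i + 1 >= dstsize) {   /* no room for this byte plus the NUL */
            dst[0] = '\0';
            return -1;
        }
        dst[i] = (char)tolower((unsigned char)src[i]);
    }
    dst[i] = '\0';
    return 0;
}

/* Constructed input: a name of n '1' characters, like the 300+ character
 * full name set with chfn in the post. Returns the copy's result, or -1
 * if n does not fit the local scratch buffer. */
int try_name_length(size_t n)
{
    char name[512], gbuffer[STRINGSIZE];

    if (n >= sizeof name)
        return -1;
    memset(name, '1', n);
    name[n] = '\0';
    return bounded_lower_copy(gbuffer, sizeof gbuffer, name);
}

int main(void)
{
    printf("255 chars: %d\n", try_name_length(255));
    printf("300 chars: %d\n", try_name_length(300));
    return 0;
}
```

A caller checking a password would treat the -1 as a rejected or skipped GECOS comparison instead of continuing with an overrun buffer.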