Bugtraq mailing list archives
Getpwnam bus error.. is this patched?
From: croot () ICS BC CA (Charles Howes)
Date: Mon, 23 Jun 1997 18:04:19 -0700
I'm a little behind in the patches. This program dies on Solaris 2.5; is this already patched, or is it news that getpwnam() has an overflowable buffer? ----------------------------------------------------------------------------- #include <stdio.h> #include <pwd.h> #include <signal.h> foobomb() { printf("Uhoh... getpwnam() died.\n"); exit(); } main() { char buf[20000]; struct passwd *pw; memset(buf,'a',19990); signal(SIGBUS,foobomb); pw=getpwnam(buf); signal(SIGBUS,SIG_IGN); if (!pw) { printf("Success, no user was found.\n"); } else { printf("What the... a user was found?\n"); printf(" user: %.100s\n",pw->pw_name); } } ----------------------------------------------------------------------------- -- Charles Howes -- chowes () ics bc ca
Current thread:
- Re: SunOS 4.1.4 ftp serious bug Homer W. Smith (Jun 16)
- Re: SunOS 4.1.4 ftp serious bug Dan Pritts (Jun 16)
- Getpwnam bus error.. is this patched? Charles Howes (Jun 23)
- Re: Getpwnam bus error.. is this patched? Casper Dik (Jun 24)
- Getpwnam bus error.. is this patched? Charles Howes (Jun 23)
- Re: SunOS 4.1.4 ftp serious bug maximum entropy (Jun 16)
- shotgun-1.1b buffer overflow(s) PLaGuEZ (Jan 01)
- Re: shotgun-1.1b buffer overflow(s) Alan Cox (Jun 17)
- Re: SunOS 4.1.4 ftp serious bug maximum entropy (Jun 16)
- shotgun-1.1b buffer overflow(s) PLaGuEZ (Jan 01)
- Re: SunOS 4.1.4 ftp serious bug Dan Pritts (Jun 16)