Bugtraq mailing list archives

Getpwnam bus error.. is this patched?


From: croot () ICS BC CA (Charles Howes)
Date: Mon, 23 Jun 1997 18:04:19 -0700


I'm a little behind in the patches.  This program dies on Solaris 2.5;
is this already patched, or is it news that getpwnam() has an
overflowable buffer?
-----------------------------------------------------------------------------
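#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
#include <signal.h>

/* SIGBUS handler: report that getpwnam() crashed, then exit. */
void foobomb(int sig)
{
  (void)sig;
  printf("Uhoh... getpwnam() died.\n");
  exit(1);
}

int main(void)
{
  char buf[20000];
  struct passwd *pw;
  memset(buf,'a',19990);
  buf[19990]='\0';  /* terminate the 19990-character name */
  signal(SIGBUS,foobomb);
  pw=getpwnam(buf);  /* look up the overlong user name */
  signal(SIGBUS,SIG_IGN);
  if (!pw)
    {
    printf("Success, no user was found.\n");
    }
  else
    {
    printf("What the... a user was found?\n");
    printf("  user: %.100s\n",pw->pw_name);
    }
  return 0;
}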
-----------------------------------------------------------------------------

--
Charles Howes -- chowes () ics bc ca
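
A caller-side guard for the case tested above, added here as an example and not part of the original post or of any vendor patch: the name is length-checked before libc sees it, and the lookup uses getpwnam_r() with a caller-owned buffer. The wrapper name safe_user_lookup, the result codes and the 256-byte cap are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Result codes and length cap are assumptions made for this example. */
enum { LOOKUP_FOUND = 0, LOOKUP_NOT_FOUND = 1, LOOKUP_REJECTED = -1, LOOKUP_ERROR = -2 };
#define NAME_CAP 256

/* Hypothetical wrapper: reject empty, unterminated or overlong names,
   then look the user up with a heap buffer that grows on ERANGE. */
int safe_user_lookup(const char *name, size_t avail, uid_t *uid_out)
{
    /* memchr never reads past avail, so a missing terminator is caught. */
    const char *end = name ? memchr(name, '\0', avail) : NULL;
    if (end == NULL || end == name || (size_t)(end - name) >= NAME_CAP)
        return LOOKUP_REJECTED;

    long hint = sysconf(_SC_GETPW_R_SIZE_MAX);
    size_t len = hint > 0 ? (size_t)hint : 1024;
    for (;;) {
        char *scratch = malloc(len);
        if (scratch == NULL)
            return LOOKUP_ERROR;
        struct passwd pw, *res = NULL;
        int rc = getpwnam_r(name, &pw, scratch, len, &res);
        if (rc == 0 && res != NULL && uid_out != NULL)
            *uid_out = pw.pw_uid;          /* copy out before freeing scratch */
        free(scratch);
        if (rc == ERANGE && len < (1u << 20)) { len *= 2; continue; }
        if (rc != 0)
            return LOOKUP_ERROR;
        return res ? LOOKUP_FOUND : LOOKUP_NOT_FOUND;
    }
}

int main(void)
{
    char buf[20000];
    uid_t uid = 0;
    memset(buf, 'a', 19990);               /* same input as the test above */
    buf[19990] = '\0';
    printf("19990-byte name -> %d\n", safe_user_lookup(buf, sizeof buf, &uid));
    printf("\"root\" -> %d\n", safe_user_lookup("root", 5, &uid));
    return 0;
}
```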


