Bugtraq mailing list archives
Re: TOG and xterm problem
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Mon, 4 May 1998 10:31:04 -0400
On Mon, 04 May 1998 11:06:05 +0200, you said:

> xc/programs/xterm/charproc.c:
> * HandleKeymapChange():
>       (void) sprintf( mapName, "%sKeymap", params[0] );
>       (void) strcpy( mapClass, mapName );
>   (actually, the second command is mostly harmless because
>   the size of mapName and mapClass is the same)

Actually, not necessarily. It's "mostly harmless" if in addition to the sizes being the same, you can "prove" in the program-correctness sense that the source will be null-terminated at the appropriate place.

Think. If they just overflowed mapName via sprintf, then they can ALSO overflow mapClass. And it's quite possible that mapClass is the array that you need to overflow to create the exploit (mapName possibly being at an inconvenient location in memory...)

This of course is just a "general guideline" - an actual examination of the source is required. I'm just pointing out that "they're the same size" is not always enough....

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
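
Added example, not part of the original post and not xterm's code: a bounded version of the sprintf/strcpy pair discussed above, next to a helper showing that the unchecked pair writes the same number of bytes to both arrays. MAP_SIZE, the function names and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAP_SIZE 16  /* assumed size for illustration; not xterm's actual value */

/* Bytes that sprintf(mapName, "%sKeymap", param) would write, NUL included.
 * strcpy(mapClass, mapName) then copies exactly the same number of bytes,
 * because strcpy stops at the terminator, not at sizeof(mapName). */
size_t unchecked_write_len(const char *param)
{
    return strlen(param) + strlen("Keymap") + 1;
}

/* Bounded form (hypothetical helper): returns 0 on success, -1 if the name
 * does not fit. On failure both buffers are left as empty strings. */
int build_keymap_names(const char *param,
                       char *mapName, char *mapClass, size_t size)
{
    int n;

    if (size == 0)
        return -1;
    n = snprintf(mapName, size, "%sKeymap", param);
    if (n < 0 || (size_t)n >= size) {   /* error or truncation: reject */
        mapName[0] = '\0';
        mapClass[0] = '\0';
        return -1;
    }
    /* mapName is now known to be NUL-terminated within size bytes, so
     * copying n + 1 bytes into an equally sized mapClass cannot overrun. */
    memcpy(mapClass, mapName, (size_t)n + 1);
    return 0;
}

int main(void)
{
    char mapName[MAP_SIZE], mapClass[MAP_SIZE];
    /* constructed sample inputs */
    const char *inputs[] = { "vt100", "a-much-longer-translation-name" };
    size_t i;

    for (i = 0; i < 2; i++) {
        int rc = build_keymap_names(inputs[i], mapName, mapClass, MAP_SIZE);
        printf("%-32s unchecked=%zu bytes, buffer=%d, bounded rc=%d\n",
               inputs[i], unchecked_write_len(inputs[i]), MAP_SIZE, rc);
    }
    return 0;
}
```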