Bugtraq mailing list archives
Re: ftpd: the advisory version
From: bernd.luevelsmeyer () HEITEC NET (Bernd Luevelsmeyer)
Date: Sun, 25 Jun 2000 09:43:19 +0200
Lamagra Argamal wrote: [...]
There are some other bugs in site_exec like for (t = cmd; *t && !isspace(*t); t++) { if (isupper(*t)) { *t = tolower(*t); } } Sanitizing stops at a space?? (good thing I didn't tell you this, eh tf8)
[...] According to the C standard, <ctype.h> functions operate on values that are representable as a 'unsigned char' or EOF; hence, if the compiler's 'char' is signed then negative character values in the string 'cmd' are possible and might cause unpredictable results in isspace(), isupper() and tolower(). Because sanitizing shouldn't stop, and the test with isupper() is unnecessary anyway (tolower() returns the unchanged value if the parameter isn't an uppercase letter), I suggest: for (t = cmd; *t; t++) *t = tolower((unsigned char)*t);
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994 Bernhard Rosenkraenzer (Jun 22)
- Re: WuFTPD: Providing *remote* root since at least1994 Daniel Jacobowitz (Jun 22)
- Re: WuFTPD: Providing *remote* root since at least1994 Marcus Meissner (Jun 23)
- Why pine must never be sgid Stan Bubrouski (Jun 23)
- sawmill5.0.21 old path bug & weak hash algorithm Cashdollar, Larry (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Tomasz Grabowski (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Bernhard Rosenkraenzer (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Gregory A Lundberg (Jun 27)
- ftpd: the advisory version Lamagra Argamal (Jun 23)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- Re: ftpd: the advisory version Sebastian (Jun 26)
- [RHSA-2000:037-05] New Linux kernel fixes security bug bugzilla () REDHAT COM (Jun 26)
- LeafChat Denial of Service Andrew Lewis (Jun 25)
- Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility Peter Grundl (Jun 26)
- Re: ftpd: the advisory version Bernd Luevelsmeyer (Jun 25)
- <Possible follow-ups>
- Re: WuFTPD: Providing *remote* root since at least1994 Peter Pentchev (Jun 23)
- Re: WuFTPD: Providing *remote* root since at least1994 der Mouse (Jun 25)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Carson Gaspar (Jun 27)
- Re: WuFTPD: Providing *remote* root since at least1994 Casper Dik (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Mikael Olsson (Jun 26)
(Thread continues...)
- Re: WuFTPD: Providing *remote* root since at least1994 Daniel Jacobowitz (Jun 22)