Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Possible bufferoverflow condition in lpr, xterm and xload

From: exidor () superior net (Christopher Masto)
Date: Wed, 14 Aug 1996 09:51:26 -0400


s/Mosaic/Motif/
xterm is indeed linked with libXaw... Along with a bunch of other
libraries. But the display environment variable is handled, I think, by
the X Intrinsics toolkit, libXt. If both xload and xterm behave the same
way, then chances are the bug's in the library. I don't know how close
the XFree86 implmentation of libXt is, but this *may* be a bug inherited
from MIT's distribution. A quick check of SGI's xterm and xload show
that a DISPLAY variable that's 8192 bytes doesn't cause them any grief.
On the other hand, SGI could have totally rewritten X. I wouldn't put it
past them.


nimbus:~$ a='gibberish'
nimbus:~$ for i in 1 2 3 4 5 6 7 8 9 10 11 12; do a=$a$a; done
nimbus:~$ echo $a | wc -c
   36865
nimbus:~$ xterm -display $a
Bus error
nimbus:~$ uname -sr
FreeBSD 2.1.5-RELEASE
--
Christopher Masto
Previous By Date Next
Previous By Thread Next

Current thread: