Bugtraq mailing list archives
Re: CPSN 4-970424: Possible buffer overflow in pop3d
From: achurch () DRAGONFIRE NET (Andy Church)
Date: Mon, 28 Apr 1997 11:23:54 EDT
> FUNCTION: svr_auth(state,inbuf), has the "offending" line:
>
>     strcpy(cli_user,inbuf);
>
> BUT: svr_auth is called from MAIN with:
>
>     svr_state = svr_auth(svr_state,cli_buf);
>
> where cli_buf is read previously from stdin with:
>
>     if (fgetl(cli_buf,CLI_BUFSIZ,stdin) == NULL)
>
> Now this machine doesn't have a manpage for "fgetl"

It's a custom routine (see util.c) which reads a line of text from a file and discards all but the first `len'-1 bytes (CLI_BUFSIZ-1 in this case).

> but, from the arguments, it looks like it will check the length...

Indeed it will; therefore, _the strcpy() is safe_. However, as a general rule, I always comment strcpy() or similar calls with an explanation of why the call is safe in order to prevent confusion such as this. This just goes to show that strcpy() isn't _always_ a security hole...

--Andy Church                  | If Bell Atlantic really is the heart
achurch () dragonfire net      | of communication, then it desperately
www.dragonfire.net/~achurch/   | needs a quadruple bypass.
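The argument in the message above, as an added example that is not from the original post or from the pop3d source: a line reader that keeps at most len-1 bytes bounds the source, so a later strcpy() into a buffer of at least that size cannot overflow, and the reason is written down next to the call and enforced at compile time. `read_line_bounded`, `copied_length` and both buffer sizes are hypothetical stand-ins; the real fgetl() in util.c is not shown on the page.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUFSIZ 16           /* assumed size; stands in for CLI_BUFSIZ */
#define USER_BUFSIZ LINE_BUFSIZ  /* assumed size of the strcpy() destination */
_Static_assert(USER_BUFSIZ >= LINE_BUFSIZ, "strcpy() destination too small");

/* Hypothetical stand-in for fgetl(): keep at most len-1 bytes of one line,
 * NUL-terminate, discard the rest of the line. NULL on EOF with no data. */
static char *read_line_bounded(char *buf, size_t len, FILE *fp)
{
    size_t n = 0;
    int c;
    if (len == 0)
        return NULL;
    while ((c = fgetc(fp)) != EOF && c != '\n')
        if (n < len - 1)
            buf[n++] = (char)c;  /* bytes past the bound are dropped */
    if (c == EOF && n == 0)
        return NULL;
    buf[n] = '\0';
    return buf;
}

/* Constructed input -> bounded read -> strcpy(); copied length or (size_t)-1. */
static size_t copied_length(const char *input)
{
    char line[LINE_BUFSIZ], user[USER_BUFSIZ];
    FILE *fp = tmpfile();
    size_t out = (size_t)-1;
    if (fp == NULL)
        return out;
    fputs(input, fp);
    rewind(fp);
    if (read_line_bounded(line, sizeof line, fp) != NULL) {
        /* Safe: read_line_bounded() stored at most LINE_BUFSIZ-1 bytes plus
         * NUL, and USER_BUFSIZ >= LINE_BUFSIZ is asserted at compile time. */
        strcpy(user, line);
        out = strlen(user);
    }
    fclose(fp);
    return out;
}

int main(void)
{
    printf("%zu\n", copied_length("overlong_username_past_the_bound\n"));
    return 0;
}
```

The safety of the copy depends entirely on the reader's bound and the relative buffer sizes, which is why the compile-time check sits beside the size definitions rather than relying on the comment alone.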