Bugtraq mailing list archives
Re: libX11
From: davids () secnet com (David Sacerdote)
Date: Fri, 28 Feb 1997 12:35:07 -0700
Paul Szabo <szabo_p () MATHS SU OZ AU> wrote:
> So instead I wrote the following wrapper, and used it to wrap xload, xterm and xconsole. My wrapper, and the SNI advisory, included below.
The wrapper is a good idea. As written, it provides reasonable protection against buffer overflows in large buffers, including the $HOME buffer overflow described in the advisory. Many of the buffers involved in environment variable related overflows in X11R6.1 and earlier are 2048 bytes in size, because this is what the BUFSIZ constant is defined to be.

However, not all buffers are large enough to hold a thousand characters. 256 byte buffers are common, and there have been several instances of sloppy string manipulation on buffers as small as 100 bytes. I will grant that the overflows I am aware of in libX11 for X11R6.1 all involve 2048 byte buffers, but it is best to err on the side of caution. For this reason, I urge those using wrappers to limit buffer and argument lengths to a fairly low value, such as 256 bytes or perhaps even something as low as 100 bytes.

David Sacerdote
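Added example, not part of the original message and not Paul Szabo's wrapper: a minimal C wrapper that applies the low per-string limit recommended above to every argument and environment entry before running the real client. The REAL_BINARY path, the MAX_LEN name and the choice to refuse rather than truncate are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Per-string cap. 256 is the value suggested in the message; 100 is stricter. */
#define MAX_LEN 256
/* Placeholder path (assumption): where the real client was moved to. */
#define REAL_BINARY "/path/to/real/xterm"

extern char **environ;

/* Length of s, but never scans more than limit + 1 bytes. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n <= limit && s[n] != '\0')
        n++;
    return n;               /* limit + 1 means "too long" */
}

/* Index of the first string in a NULL-terminated vector longer than
 * limit bytes, or -1 if every string fits. */
int first_oversized(char *const vec[], size_t limit)
{
    for (int i = 0; vec[i] != NULL; i++)
        if (bounded_len(vec[i], limit) > limit)
            return i;
    return -1;
}

int main(int argc, char *argv[])
{
    (void)argc;
    /* Refuse rather than truncate: a truncated value can change meaning. */
    int bad = first_oversized(argv, MAX_LEN);
    if (bad >= 0) {
        fprintf(stderr, "wrapper: argument %d exceeds %d bytes\n", bad, MAX_LEN);
        return 1;
    }
    /* Each environ entry is checked as a whole "NAME=value" string. */
    bad = first_oversized(environ, MAX_LEN);
    if (bad >= 0) {
        fprintf(stderr, "wrapper: environment entry %d exceeds %d bytes\n", bad, MAX_LEN);
        return 1;
    }
    execv(REAL_BINARY, argv);
    perror("wrapper: execv");
    return 1;
}
```

With a limit of 1000 the same check would pass a 300-byte string straight through to a client that copies it into a 256-byte buffer, which is the gap the message describes.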