Bugtraq mailing list archives
Re: ftpd: the advisory version
From: kragen () POBOX COM (Kragen Sitaker)
Date: Thu, 29 Jun 2000 01:45:51 -0400
Someone writes:
> [Dan Harkless wrote:]
> > len should be a size_t (which is typedef'd to be some kind of unsigned
> > int), which would avoid the problem (without having to mess with
> > explicitly unsigned chars, which will cause warnings on platforms where
> > chars are signed, for one thing).
>
> suppose domain[0] == '\x80', then if domain is `signed char' then len is
> -128, and if it's cast to unsigned int when calling strncpy can be
> 2^(sizeof(int)*8-1)-1, so there you go :)

I was going to reply to Dan's post and say the same thing, but then I realized that he didn't mean making len size_t or otherwise unsigned would make the code handle >127-char strings; he meant that it would return here:

    if (len >= 64) return;

And he's right. Making len be a size_t will prevent this bug from becoming a buffer overflow. ;)

--
<kragen () pobox com> Kragen Sitaker <http://www.pobox.com/~kragen/>
The Internet stock bubble didn't burst on 1999-11-08. Hurrah!
<URL:http://www.pobox.com/~kragen/bubble.html>
The power didn't go out on 2000-01-01 either. :)
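
Added example, not part of the message above or of the ftpd source: the `len >= 64` check from this thread evaluated with `len` as an `int` filled from a signed char and with `len` as a `size_t`, plus a bounded copy. The function names, the buffer, the sample inputs and the length-prefixed layout of `domain` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX 64   /* bound from the "len >= 64" check quoted in the thread */

/* Constructed inputs: byte 0 is the length, the rest is the label. */
const signed char hostile[] = { -128, 'a', 'b', 0 };   /* domain[0] == '\x80' */
const signed char benign[]  = { 3, 'f', 't', 'p', 0 };
char label_buf[LABEL_MAX];                             /* scratch destination */

/* Assumed original shape: signed length byte stored in an int. */
int accepts_with_int_len(const signed char *domain)
{
    int len = domain[0];              /* -128 for the hostile input */
    return !(len >= LABEL_MAX);       /* -128 < 64, so the check does not return */
}

/* What a size_t parameter (e.g. strncpy's n) receives from that int. */
size_t size_passed_on(const signed char *domain)
{
    int len = domain[0];
    return (size_t)len;               /* negative int becomes a huge size */
}

/* Same check with len declared size_t, as suggested in the thread. */
int accepts_with_size_t_len(const signed char *domain)
{
    size_t len = (size_t)domain[0];   /* converted before the comparison */
    return !(len >= LABEL_MAX);       /* huge value >= 64, so the check returns */
}

/* Bounded copy reading the length as unsigned char; -1 on rejection. */
int copy_label(char *dst, size_t dstsz, const signed char *domain)
{
    size_t len = (unsigned char)domain[0];
    if (len >= LABEL_MAX || len >= dstsz)
        return -1;
    memcpy(dst, domain + 1, len);
    dst[len] = '\0';
    return (int)len;
}

int main(void)
{
    printf("int len accepts hostile:    %d\n", accepts_with_int_len(hostile));
    printf("size_t len accepts hostile: %d\n", accepts_with_size_t_len(hostile));
    printf("copy_label(hostile) = %d\n", copy_label(label_buf, sizeof label_buf, hostile));
    return 0;
}
```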