Bugtraq mailing list archives

Re: [ Hackerslab bug_paper ] Linux dump buffer overflow


From: super () UDEL EDU (Derek Callaway)
Date: Wed, 1 Mar 2000 09:58:16 -0500


On Mon, 28 Feb 2000, 김용준 KimYongJun (Class of '99) wrote:

[ Hackerslab bug_paper ] Linux dump buffer overflow

<snip>


[loveyou@loveyou SOURCES]$ dump  -f a `perl -e 'print "x" x 556'`
  DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
  DUMP: Date of last level  dump: the epoch
  DUMP: Dumping 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx to a
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
 File name too long while opening filesystem
  DUMP: SIGSEGV: ABORTING!
Segmentation fault


<snip>

Could this be a problem with glibc, as well? 

[super@white dump]$ pwd
/usr/src/redhat/SOURCES/dump-0.4b4/dump
[super@white dump]$ echo -e "ru -0 `perl -e 'print "A"x5000;'`\nbt" | gdb dump
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(gdb) Starting program: /usr/src/redhat/SOURCES/dump-0.4b4/dump/dump -0
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
<snipped long string>
---Type <return> to continue, or q <return> to quit---Program received signal SIGSEGV, Segmentation fault.
getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
88      ../sysdeps/generic/getenv.c: No such file or directory.
(gdb) #0  getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
#1  0x400b3f4a in tzset_internal (always=1094795585) at tzset.c:144
#2  0x400b4ceb in __tz_convert (timer=0xbfffd790, use_localtime=1,
    tp=0x4011e4e0) at tzset.c:575
#3  0x400b08bc in localtime (t=0xbfffd790) at localtime.c:43
#4  0x400b07f8 in ctime (t=0xbfffd790) at ctime.c:32
#5  0x804adde in main (argc=1094795585, argv=0x41414141) at main.c:355
(gdb) [super@white dump]$

From this gdb session, it appears that there _could_ be a problem with
the way that glibc's time functions behave.

--
/* Derek Callaway <super () udel edu> char *sites[]={"http://www.geekwise.com",
   Programmer; CE Net, Inc. "http://www.freezersearch.com/index.cfm?aff=dhc",
   (302) 837-8769           "http://www.homeworkhelp.org",0};  S@IRC  */
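An added example, not part of the message above and not dump's source, showing the two things a reader of this backtrace would want: a bounded copy of the filesystem argument into a fixed-size stack buffer, and a small triage helper that recognises frame values made entirely of the overflow filler byte. 1094795585 is 0x41414141, four 'A' bytes, which is what gdb printed for `always` in frame #1 and for `argc`/`argv` in frame #5, so main's frame already held the argument bytes when ctime() was called. The buffer size DEV_NAME_MAX and the function names are assumptions for illustration; the constructed 5000-byte argument mirrors the perl one-liner in the session. When the copy is refused, strerror(ENAMETOOLONG) is "File name too long", the same message the original report printed in Korean.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Added example, not dump's code. DEV_NAME_MAX is an assumed buffer size;
 * the real size of the buffer in dump is not shown on this page. */
#define DEV_NAME_MAX 64

/* Bounded copy of the filesystem argument into a fixed-size stack buffer.
 * Returns 0 on success, or -1 with errno = ENAMETOOLONG when the argument
 * would not fit (including its terminating NUL). An unbounded strcpy here
 * is the classic way a 5000-byte argv[1] ends up in saved registers and
 * the caller's frame. */
int copy_device_name(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (cap == 0)
        return -1;
    if (n >= cap) {
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

/* Triage helper for a backtrace: 1 if every byte of a 32-bit frame value is
 * the filler byte, e.g. 0x41414141 (decimal 1094795585) for 'A'. A value
 * like that in an argc, argv or saved-register slot means the slot was
 * overwritten by the oversized argument, not computed by the program. */
int is_filler_word32(uint32_t v, unsigned char filler)
{
    for (unsigned i = 0; i < 4; i++) {
        if (((v >> (8 * i)) & 0xffu) != filler)
            return 0;
    }
    return 1;
}

/* Constructed input: the equivalent of perl -e 'print "A"x5000'.
 * Caller frees the result. */
char *filler_arg(size_t len, char filler)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        return NULL;
    memset(s, filler, len);
    s[len] = '\0';
    return s;
}

int main(int argc, char **argv)
{
    char dev[DEV_NAME_MAX];
    char *arg = (argc > 1) ? argv[1] : filler_arg(5000, 'A');

    if (arg == NULL)
        return 1;

    /* Same shape as the "while opening filesystem" line in the report:
     * with the copy refused, strerror(ENAMETOOLONG) is "File name too long". */
    if (copy_device_name(dev, sizeof dev, arg) < 0) {
        fprintf(stderr, "  DUMP: %s while opening filesystem\n", strerror(errno));
    } else {
        time_t now = time(NULL);
        printf("  DUMP: Date of this level 0 dump: %s", ctime(&now));
        printf("  DUMP: Dumping %s\n", dev);
    }

    /* The argc value gdb printed in frame #5 above, decoded. */
    printf("argc=%lu is 0x%08lx: %s\n", 1094795585UL, 1094795585UL,
           is_filler_word32(1094795585u, 'A') ? "all 'A' bytes" : "not filler");

    if (argc <= 1)
        free(arg);
    return 0;
}
```

Run it with no argument to reproduce the rejected 5000-byte case, or pass a device path such as /dev/hda1 to see the normal path reach ctime(). Only the bounded copy is exercised; the point of is_filler_word32 is to read a backtrace, not to trigger the crash.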


