Full Disclosure mailing list archives
bufferoverflow in client shipped with squid-2.5.STABLE1.tar.gz (latest) and below
From: mr elite <woot_woot_root () yahoo co uk>
Date: Wed, 8 Jan 2003 08:46:46 +0000 (GMT)
Hello, While testing various binarys on Redhat 8.0 i came across a buffer overflow in the /usr/sbin/client program that ships with squid. Redhat 8.0 ships with squid-2.4.STABLE7-4.src.rpm i also looked at client.c source for latest version which has same problem. The problem is when suppling 8229 or more characters when running /usr/sbin/client eg. [fault@b0f fault]$ /usr/sbin/client `perl -e 'print "A"x8229'` Segmentation fault (core dumped) [fault@b0f fault]$ after a quick look at code it seems to be overflowing at the strcpy call. <snips from code> #define BUFSIZ 8192 char url[BUFSIZ], msg[BUFSIZ], buf[BUFSIZ]; else if (argc >= 2) { strcpy(url, argv[argc - 1]); if (url[0] == '-') usage(argv[0]); </snips from code> FIX -=-=- - strcpy(url, argv[argc - 1]); + strncpy(url, argv[argc - 1], sizeof(BUFSIZ)); NOT A SECURITY ISSUE , JUST ANOTHER DUMB SEGFAULT EOF Alan M (faulty) www.b0f.net --------------------------------- With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
Current thread:
- bufferoverflow in client shipped with squid-2.5.STABLE1.tar.gz (latest) and below mr elite (Jan 08)