Full Disclosure mailing list archives

Re: LOL, stupid calife maintainer - this can't be true


From: Timothy Demulder <timothy.demulder () tiscali be>
Date: Sat, 28 Feb 2004 14:54:34 +0100

On Sat, 28 Feb 2004 14:18:20 +0100
"DownBload / Illegal Instruction Labs" <downbload () hotmail com> wrote:

This can't be true...

...

Vulnerable code ("glibc problem" ;-) ->
/root/calife-2.8.4c/db.c
------------------------
        ...
        char    got_pass = 0;
        char    * pt_pass, * pt_enc,
                * user_pass, * enc_pass, salt [10];

        user_pass = (char *) xalloc (l_size);
        enc_pass = (char *) xalloc (l_size);
        ...
        for ( i = 0; i < 3; i ++ )
        {
            pt_pass = (char *) getpass ("Password:");
            memset (user_pass, '\0', l_size);
            strcpy (user_pass, pt_pass); // <- BAD CODE
            pt_enc = (char *) crypt (user_pass, calife->pw_passwd);
            memset (enc_pass, '\0', l_size);
            strcpy (enc_pass, pt_enc);
        }
        ...
        free (user_pass);    // <-  FUN CODE ;-)
        free (enc_pass);     // <-  FUN CODE ;-)
        ...


It's just plain sad, there should be capital punishment for people
who code like this.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
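
A bounded form of the copy marked BAD CODE in the quoted db.c excerpt, as an added example that is not part of either post or of calife's own code. The names `bounded_copy` and `wipe`, the 16-byte `l_size` and the sample inputs are assumptions made for illustration; the page does not show how `l_size` is set.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into a dst_size-byte buffer only if it fits, NUL included.
 * Returns 0 on success, -1 if dst is unusable, src is NULL (crypt() can
 * return NULL on failure) or src is too long. On failure dst holds an
 * empty string, never a truncated password. */
static int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    memset(dst, '\0', dst_size);
    if (src == NULL)
        return -1;
    /* Look for the terminator within the first dst_size bytes only. */
    const char *end = memchr(src, '\0', dst_size);
    if (end == NULL)
        return -1;                  /* would overflow: reject, do not truncate */
    memcpy(dst, src, (size_t)(end - src));
    return 0;
}

/* Zero a secret through a volatile pointer so the stores are not elided. */
static void wipe(void *p, size_t len)
{
    volatile unsigned char *v = p;
    while (len--)
        *v++ = 0;
}

int main(void)
{
    size_t l_size = 16;             /* assumed size, not taken from the page */
    char *user_pass = malloc(l_size);
    if (user_pass == NULL)
        return 1;
    /* Constructed inputs: one that fits, one longer than the buffer. */
    const char *inputs[] = { "hunter2", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    for (size_t i = 0; i < 2; i++) {
        int rc = bounded_copy(user_pass, l_size, inputs[i]);
        printf("input %zu: %s\n", i, rc == 0 ? "accepted" : "rejected (too long)");
    }
    wipe(user_pass, l_size);        /* clear the secret before releasing it */
    free(user_pass);
    return 0;
}
```

The same helper covers the second `strcpy` in the excerpt, where the source is the pointer returned by `crypt`.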

