Full Disclosure mailing list archives
Re: dproxy - arbitrary code execution through stack buffer overflow vulnerability
From: Alexander Klink <a.klink () cynops de>
Date: Fri, 23 Mar 2007 18:14:25 +0100
Hi, On Fri, Mar 23, 2007 at 04:54:33PM +0000, mu-b wrote:
you might want to NULL terminate query_string while your there....
Good point (C is not exactly my native language ...). Actually, it is not necessary in this case though, because this is done in the decode_domain_name() function that is executed right below:
- strcpy( query_string, pkt.buf ); + strncpy( query_string, pkt.buf, sizeof(query_string) ); decode_domain_name( query_string ); debug("query: %s\n", query_string );
Granted, I only figured that out after looking why it was working despite the \0-omission :-) Regards, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer | a.klink () cynops de mobile: +49 (0)178 2121703 | Cynops GmbH | http://www.cynops.de ----------------------------+----------------------+--------------------- HRB 7833, Amtsgericht | USt-Id: DE 213094986 | Geschäftsführer: Bad Homburg v. d. Höhe | | Martin Bartosch _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- dproxy - arbitrary code execution through stack buffer overflow vulnerability Alexander Klink (Mar 23)
- Re: dproxy - arbitrary code execution through stack buffer overflow vulnerability mu-b (Mar 23)
- Re: dproxy - arbitrary code execution through stack buffer overflow vulnerability Alexander Klink (Mar 23)
- Re: dproxy - arbitrary code execution through stack buffer overflow vulnerability mu-b (Mar 23)