Vulnerability Development mailing list archives
Re: some things to play with
From: typo () SCENE AT (Firstname Lastname)
Date: Fri, 14 Jul 2000 13:16:34 +0200
<rant> I'm really annoyed now.. can't people just shut up when they don't know what they're talking about? </rant>

On Fri, Jul 14, 2000 at 01:08:01PM +0400, Vladimir Dubrovin wrote:
It's just buggy code in 2b.c. It must be:
no it's not.. I can be sure that argv[2] == NULL when argc = 2, which gives argc=0 to the called program, with argv[0] == NULL and a null pointer dereference in strrchr().

no, this isn't exploitable. yes, it yields unexpected behaviour in some other programs... yes, argv[0] needs a lot more checking in security-aware programs.

--- snip from another mail from me to another list ---

the problem is present in strrchr.S in glibc (at least in sysdeps/i386):

L(19): movl (%esi), %edx /* get word (= 4 bytes) in question */

with %esi being 0x00000000. I'm not sure if it's correct to blame it on libc, but an additional check won't hurt.. my patched tesolibc (which includes various other security patches) has this check in sysdeps/i386/strrchr.S:

movl 12(%esp), %esi /* get string pointer */
movl 16(%esp), %ecx /* get character we are looking for */
+ orl %esi, %esi
+ jz L(2)

---

--
so much entropy, so little time
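Review bot: the jump target L(2) is not in the visible hunk, so it cannot be confirmed that L(2) returns NULL in %eax and restores whatever the prologue pushed before `movl 12(%esp), %esi`; show the target lines or put a comment on the `jz L(2)` stating that it is the "not found" return path. Two smaller points: the check only catches an exact NULL string pointer, not any other invalid argv[0], and it silently hides the caller's bug (the mail itself hesitates to blame libc) instead of making the caller validate argv[0]; and `testl %esi, %esi` is the idiomatic way to set ZF without writing the register, although `orl %esi, %esi` is functionally equivalent here.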
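The argv[0] check the mail says security-aware programs need, as an added example; this is not code from the original post, from tesolibc or from glibc. It shows the unsafe pattern (argv[0] handed straight to strrchr()) next to a hardened helper, and a parent that execve()s itself with an empty argv so the child really sees argc == 0 and argv[0] == NULL, as described in the mail. Assumptions: Linux (the demo re-executes itself through /proc/self/exe), the helper names program_name() and run_child_with_empty_argv(), the environment variable ARGV0_DEMO used to mark the child, and the fallback string "(unknown)". One caveat not on the page: Linux 5.18 and later substitute an empty string for a missing argv[0], so on those kernels the child sees argc == 1 and argv[0] == "" rather than NULL; the check treats that as missing too.

```c
/*
 * Added example, not from the original mail, tesolibc or glibc:
 * argc == 0 / argv[0] == NULL reaching strrchr(), and the argv[0] check a
 * security-aware program should do before using it.
 * Assumptions: Linux (the demo re-executes itself via /proc/self/exe),
 * the helper names, the ARGV0_DEMO marker and the "(unknown)" fallback.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define FALLBACK_NAME "(unknown)"

/* The pattern the mail complains about: argv[0] goes straight into
 * strrchr(). With argc == 0, argv[0] is NULL and this faults inside libc. */
const char *program_name_unsafe(int argc, char **argv)
{
    (void)argc;
    const char *slash = strrchr(argv[0], '/');
    return slash ? slash + 1 : argv[0];
}

/* Hardened version: never dereference something the caller did not supply.
 * argc < 1 / argv[0] == NULL is the classic empty-argv execve(); the
 * empty-string case covers Linux 5.18+, which passes "" instead of NULL. */
const char *program_name(int argc, char **argv)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL || argv[0][0] == '\0')
        return FALLBACK_NAME;
    const char *slash = strrchr(argv[0], '/');
    return slash ? slash + 1 : argv[0];
}

/* Start a copy of this program with an empty argv (argc == 0 in the child)
 * and return its exit status, or -1 if it could not be started or reaped. */
int run_child_with_empty_argv(void)
{
    char *empty_argv[] = { NULL };                 /* argc == 0 for the child */
    char *envp[]       = { "ARGV0_DEMO=1", NULL }; /* marks the child side */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve("/proc/self/exe", empty_argv, envp);
        _exit(127);                                /* only reached if execve failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    if (getenv("ARGV0_DEMO") != NULL) {
        /* Child side: argc is 0 with argv[0] == NULL (or 1 with "" on Linux >= 5.18). */
        printf("child: argc=%d argv[0]=%s name=%s\n", argc,
               (argc > 0 && argv[0]) ? argv[0] : "NULL",
               program_name(argc, argv));
        /* program_name_unsafe(argc, argv) here would crash in strrchr(). */
        return 0;
    }
    printf("parent: name=%s\n", program_name(argc, argv));
    int rc = run_child_with_empty_argv();
    printf("parent: child exit status %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Build and run with `cc -Wall argv0.c -o argv0 && ./argv0` (file name assumed). On a kernel older than 5.18 the child line reads `argc=0 argv[0]=NULL name=(unknown)`; on 5.18 or later it reads `argc=1 argv[0]= name=(unknown)`. Either way the program survives only because program_name() checks before strrchr() does the dereference.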
Current thread:
- Re: BitchX /ignore bug, (continued)
- Re: BitchX /ignore bug Juan M. Courcoul (Jul 07)
- remote exploit Jim Stickley (Jul 07)
- Re: remote exploit Bluefish (Jul 08)
- Re: remote exploit Gerardo Richarte (Jul 10)
- Re: BitchX /ignore bug Matthew S. Hallacy (Jul 06)
- Updated Default Account Database Eric Knight (Jul 06)
- Re: Updated Default Account Database Jesus D. Muñoz Largo (Jul 12)
- Re: Updated Default Account Database Nathan Einwechter (Jul 12)
- some things to play with Firstname Lastname (Jul 13)
- Re: some things to play with Vladimir Dubrovin (Jul 14)
- Re: some things to play with Firstname Lastname (Jul 14)
- Re: some things to play with Vladimir Dubrovin (Jul 17)
- Red Hat Linux 6.2 - VIM 5.6 Paulo Ribeiro (Jul 12)
- Re: BitchX /ignore bug Jeremy Gaddis (Jul 06)
- (NT) When exploit CGI's that allow viewing of files... Marc (Jul 06)
- Re: (NT) When exploit CGI's that allow viewing of files... Blue Boar (Jul 06)