Vulnerability Development mailing list archives

Re: Buffer overflow in awk


From: Tim Gerritsen <tim () boompje com>
Date: Mon, 25 Mar 2002 02:54:46 +0100

[gloomy@gloomy /tmp]$ uname -srm;awk -W version|head -1;awk -f `perl -e 'printf "A" x 8177'`;
Linux 2.4.9 i686
GNU Awk 3.0.4
awk: fatal error: internal error
Aborted (core dumped)
[gloomy@gloomy /tmp]$

--
boompje design          :: http://www.boompje.com/
mannetje development    :: http://www.mannetje.org/


awk -f `perl -e 'print "A" x 8205'`

crashes with
GNU Awk 3.0.6
running on FreeBSD 4.5-STABLE
----- Original Message -----
From: "Hani Mustafa" <hani.mustafa () silksys com>
To: "Kosh Naranek" <kosh () cloud s2engine com>; "Charles-Edouard Ruault"
<cruault () 724 com>; "Walter Jr." <walterjr () pr gov br>
Cc: <vuln-dev () securityfocus com>
Sent: Sunday, March 24, 2002 12:26 PM
Subject: RE: Buffer overflow in awk


Try 8025

euclid#awk -f `perl -e 'print "A" x 8205'`
awk: fatal error: internal error
Aborted (core dumped)

8204 gives an output similar to what you have pasted.


At 06:07 AM 3/17/2002 +1000, Kosh Naranek wrote:

On debian 2.2r3 unstable
squall:~# awk -f `perl -e 'print "A" x 1022'`
awk: cannot open
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAA (File name too long)

Same for 8177 and 65535


-----Original Message-----
From: Charles-Edouard Ruault [mailto:cruault () 724 com]
Sent: Saturday, 16 March 2002 03:06
To: Walter Jr.
Cc: vuln-dev () securityfocus com
Subject: Re: Buffer overflow in awk


Same behaviour on GNU Awk 3.1.0, on Red Hat 7.2

Walter Jr. wrote:

So does Conectiva 2.2.13-9cl, awk 3.0.3

From: "Max" <flux9 () 101freeway net>

I can reproduce this on Slackware 8.0, but it takes 8177 chars to
segfault.

From: keoki [mailto:keoki () techie com]

A buffer overflow exists in awk (named awk on most
systems, but actually it is gawk/GNU awk) when calling
the -f option, to include an awk script, and supplying a
filename with a buffer length of 1022 and up.
[root@neural keoki]# awk -f `perl -e 'print "A" x 1022'`
awk: fatal error: internal error
Abort (core dumped)


--
Charles-Edouard Ruault
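
The thread reports the crash but does not identify the code at fault. As an added example (not from the thread and not gawk source), the C below shows one bounded way to report a failed open of a "-f NAME" argument of any length. The names format_open_error, try_open_script, make_name, MSG_MAX and NAME_SHOWN are hypothetical, and the 'A' strings are constructed input using the lengths reported above.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MSG_MAX 256   /* assumed diagnostic buffer size, not taken from gawk */
#define NAME_SHOWN 64 /* at most this many bytes of the name are echoed */

/* Format "awk: cannot open NAME (REASON)" into dst without overrunning it.
 * Returns 1 if the name was shortened for display, 0 otherwise. */
int format_open_error(char *dst, size_t dstlen, const char *name, int err)
{
    int cut = strlen(name) > NAME_SHOWN;
    /* "%.*s" caps the bytes copied from the name; snprintf caps the total. */
    snprintf(dst, dstlen, "awk: cannot open %.*s%s (%s)",
             NAME_SHOWN, name, cut ? "..." : "", strerror(err));
    return cut;
}

/* Hypothetical stand-in for the "-f NAME" path: 0 if opened, else -1 + msg. */
int try_open_script(const char *name, char *msg, size_t msglen)
{
    FILE *fp = fopen(name, "r");
    if (fp == NULL) {
        format_open_error(msg, msglen, name, errno);
        return -1;
    }
    fclose(fp);
    msg[0] = '\0';
    return 0;
}

/* Constructed input: a name of n 'A' bytes, like the perl one-liners above. */
char *make_name(size_t n)
{
    char *s = calloc(n + 1, 1); /* zero-filled, so already NUL-terminated */
    if (s != NULL) memset(s, 'A', n);
    return s;
}

int main(void)
{
    static const size_t lens[] = { 1022, 8177, 8205, 65535 };
    char msg[MSG_MAX];
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        char *name = make_name(lens[i]);
        if (name && try_open_script(name, msg, sizeof msg) != 0)
            printf("%5zu bytes -> %s\n", lens[i], msg);
        free(name);
    }
}
```

The diagnostic length depends only on NAME_SHOWN and the strerror text, never on the length of the argument.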


