Vulnerability Development mailing list archives

strcpy bug


From: xenophi1e <oliver.lavery () sympatico ca>
Date: 1 Jun 2003 00:23:24 -0000




Noticed this while looking for something else. EIP is smacked with a 268 
byte filename argument. Anyone know an interesting bit of software that 
calls LZOpenFileA or W?

.text:77EB63B6 ; ═══════════════ S U B R O U T I N E ═══════════════════════════════════════
.text:77EB63B6 
.text:77EB63B6 ; Attributes: bp-based frame
.text:77EB63B6 
.text:77EB63B6 ; INT __stdcall LZOpenFileA(LPSTR,LPOFSTRUCT,WORD)
.text:77EB63B6                 public LZOpenFileA
.text:77EB63B6 LZOpenFileA     proc near               ; CODE XREF: LZOpenFileW+5Cp
.text:77EB63B6 
.text:77EB63B6 FileName        = byte ptr -104h
.text:77EB63B6 lpString2       = dword ptr  8
.text:77EB63B6 lpReOpenBuff    = dword ptr  0Ch
.text:77EB63B6 arg_8           = word ptr  10h
.text:77EB63B6 
.text:77EB63B6                 push    ebp
.text:77EB63B7                 mov     ebp, esp
.text:77EB63B9                 sub     esp, 104h
.text:77EB63BF                 push    ebx
.text:77EB63C0                 push    esi
.text:77EB63C1                 push    edi
.text:77EB63C2                 push    [ebp+lpString2] ; lpString2
.text:77EB63C5                 lea     eax, [ebp+FileName]
.text:77EB63CB                 push    eax             ; lpString1
.text:77EB63CC                 call    lstrcpyA

Cheers,
~x
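
Added example, not part of the original post: the frame arithmetic behind the 268-byte figure in the listing above (a 0x104-byte FileName buffer, then the saved EBP and the return address at 4 bytes each), next to a length-checked copy. The names unchecked_copy_reach and copy_filename_checked are hypothetical and are not Windows APIs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Frame layout read from the listing (32-bit, bp-based frame). */
#define FILENAME_BUF 0x104u /* FileName = byte ptr -104h: 260 bytes  */
#define SAVED_EBP    4u     /* push ebp, stored at [ebp+0]           */
#define RET_ADDR     4u     /* return address at [ebp+4], args at +8 */

/* What an unchecked copy of a len-character name (plus NUL) touches. */
enum reach { FITS, HITS_SAVED_EBP, HITS_RET_ADDR, COVERS_RET_ADDR };

enum reach unchecked_copy_reach(size_t len)
{
    if (len >= FILENAME_BUF + SAVED_EBP + RET_ADDR) return COVERS_RET_ADDR;
    if (len + 1 > FILENAME_BUF + SAVED_EBP)         return HITS_RET_ADDR;
    if (len + 1 > FILENAME_BUF)                     return HITS_SAVED_EBP;
    return FITS;
}

/* Hypothetical bounded replacement for the copy: reject, never truncate. */
int copy_filename_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    for (len = 0; len < dst_size && src[len] != '\0'; len++)
        ;
    if (len == dst_size) {      /* no NUL within dst_size bytes */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);  /* len + 1 <= dst_size */
    return 0;
}

int main(void)
{
    char name[269], buf[FILENAME_BUF];

    memset(name, 'A', 268);     /* constructed 268-character sample name */
    name[268] = '\0';
    printf("unchecked reach: %d\n", unchecked_copy_reach(strlen(name)));
    printf("checked copy:    %d\n", copy_filename_checked(buf, sizeof buf, name));
    return 0;
}
```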

