Vulnerability Development mailing list archives
strcpy bug
From: xenophi1e <oliver.lavery () sympatico ca>
Date: 1 Jun 2003 00:23:24 -0000
Noticed this while looking for something else. EIP is smacked with a 268 byte filename argument. Anyone know an interesting bit of software that calls LZOpenFileA or W? .text:77EB63B6 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ .text:77EB63B6 .text:77EB63B6 ; Attributes: bp-based frame .text:77EB63B6 .text:77EB63B6 ; INT __stdcall LZOpenFileA(LPSTR,LPOFSTRUCT,WORD) .text:77EB63B6 public LZOpenFileA .text:77EB63B6 LZOpenFileA proc near ; CODE XREF: LZOpenFileW+5Cp .text:77EB63B6 .text:77EB63B6 FileName = byte ptr -104h .text:77EB63B6 lpString2 = dword ptr 8 .text:77EB63B6 lpReOpenBuff = dword ptr 0Ch .text:77EB63B6 arg_8 = word ptr 10h .text:77EB63B6 .text:77EB63B6 push ebp .text:77EB63B7 mov ebp, esp .text:77EB63B9 sub esp, 104h .text:77EB63BF push ebx .text:77EB63C0 push esi .text:77EB63C1 push edi .text:77EB63C2 push [ebp+lpString2] ; lpString2 .text:77EB63C5 lea eax, [ebp+FileName] .text:77EB63CB push eax ; lpString1 .text:77EB63CC call lstrcpyA Cheers, ~x
Current thread:
- strcpy bug xenophi1e (Jun 01)
- <Possible follow-ups>
- Re: strcpy bug Dave Korn (Jun 05)
- Re: strcpy bug xenophi1e (Jun 09)
- Re: strcpy bug Dave Korn (Jun 10)