Fwd: uninitialized buffer in midnight commander



Hello!

I've seen this posting on bugtraq, but it looks like
Ilya Teterin didn't care to contact the authors of mc.
Forgive me if I'm wrong :-)

Please CC: reply as I'm not on the list.

Cheers,
Thomas

----------  Forwarded Message  ----------

Subject: uninitialized buffer in midnight commander
Date: Friday 19 September 2003 15:47
From: "Ilya Teterin"  <alienhard mail ru>
To: bugtraq securityfocus com

Midnight Commander is using an uninitialized buffer for handling symlinks in VFS
 (tar, cpio). See vfs/direntry.c, handling of buf[] at
 vfs_s_resolve_symlink(). I wonder but it works almost properly ;-)

On linux-i386 I can reach a stack buffer overflow using a specially crafted
 archive. Open http://buggzy.narod.ru/exp.tgz in mc's VFS to test (mc will
 crash).

Affected systems/vendors/archs: at least linux-i386, mc-4.5.52 to mc-4.6.0,
 too lazy to test others ;-)

P.S. Greetings to iDEFENSE VCP. I'm tired and hungry ;)

-------------------------------------------------------



