Re: Calife heap corrupt / potential local root exploit
From: Carson Gaspar (carson+bugtraq_at_taltos.org)
Date: 02/27/04
Date: Fri, 27 Feb 2004 15:08:50 -0500
To: Ollivier Robert <roberto@keltia.freenix.fr>, bugtraq@securityfocus.com
--On Friday, February 27, 2004 16:49:34 +0000 Ollivier Robert
<roberto@keltia.freenix.fr> wrote:
> In-Reply-To: <20040227091921.26210.qmail@www.securityfocus.com>
>
>> pt_pass = (char *) getpass ("Password:");
>> memset (user_pass, '\0', l_size);
>> strcpy (user_pass, pt_pass); // <- BAD CODE
>
> I could have used strlcpy but I assumed (and my reading of the FreeBSD
> source code confirms it) that getpass(3) was doing the size check.
This is why you shouldn't make such assumptions. Never assume someone else
validated your input. If you want to write secure code, assume every
function is under attack from every other function, because someday someone
will change the program flow, bypassing your carefully crafted validation
function and passing garbage to your insecure code. Outsourcing your
validation to other code is the software equivalent of the hard outside /
soft tasty center security model.
-- Carson
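
Added example, not part of the original message and not Calife's code: a copy routine that checks the length at the point of the copy instead of relying on whatever produced the string. The helper name `copy_checked` and the sample strings are assumptions made for illustration; `user_pass` and `l_size` mirror the names in the quoted snippet.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into user_pass only if it fits in l_size
 * bytes including the terminator. Returns 0 on success, -1 on rejection.
 * The length is verified here, whatever the caller or the input routine
 * claims to have checked already. */
int copy_checked(char *user_pass, size_t l_size, const char *src)
{
    if (user_pass == NULL || src == NULL || l_size == 0)
        return -1;

    /* Search for the terminator within the first l_size bytes only. */
    const char *nul = memchr(src, '\0', l_size);
    if (nul == NULL) {
        /* Too long: refuse instead of truncating, leave no partial data. */
        memset(user_pass, 0, l_size);
        return -1;
    }

    size_t len = (size_t)(nul - src);
    memcpy(user_pass, src, len);
    memset(user_pass + len, 0, l_size - len);  /* terminator plus padding */
    return 0;
}

/* Constructed check: a marker placed right after the buffer must survive
 * an over-long input. Returns 1 when the input was rejected and the
 * marker is intact. */
int overlong_is_rejected(void)
{
    struct { char buf[8]; char marker[4]; } s;
    memcpy(s.marker, "SAFE", 4);
    int rc = copy_checked(s.buf, sizeof s.buf, "constructed-overlong-input");
    return rc == -1 && s.buf[0] == '\0' && memcmp(s.marker, "SAFE", 4) == 0;
}

int main(void)
{
    char buf[8];
    printf("fits:     %d\n", copy_checked(buf, sizeof buf, "secret"));
    printf("too long: %d\n", copy_checked(buf, sizeof buf, "12345678"));
    printf("marker intact after rejection: %d\n", overlong_is_rejected());
    return 0;
}
```

Rejecting rather than truncating is a deliberate choice here: a silently shortened password would be compared against the wrong value.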