[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Potential vulnerabilities in GDB 7.8
From: |
Sergio Durigan Junior |
Subject: |
Re: Potential vulnerabilities in GDB 7.8 |
Date: |
Thu, 21 Aug 2014 11:05:55 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux) |
On Wednesday, August 20 2014, Hádrian R wrote:
> Hi, I'm Kaiwaiata, since more than 2h searching and finding various
> possible vulnerabilities in source code of GDB..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..
Hello Kaiwaiata,
Thanks for the message. However, this list is not used by GDB folks
anymore. I recommend you to post your message on <address@hidden>.
> unsafe use of *strcpy()* in *int net_open (.. ..){**:*
>
> *gdb-7.8.tar\gdb\ser-tcp.c:*
> * line 187: *strncpy (hostname, name, tmp);
> * line 187: *strcpy (hostname, "localhost");
You could even post a patch fixing this, if you want. To do that, send
the patch to <address@hidden>.
Thanks,
--
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/