bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: version string can cause overflow and affect eip/rip (needs length c


From: Chet Ramey
Subject: Re: version string can cause overflow and affect eip/rip (needs length check in version string)
Date: Fri, 26 Sep 2014 09:04:31 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 9/26/14, 3:13 AM, Johan Nestaas wrote:
> This isn't nearly as important as shellshock or whatever you want to call
> it, but I found this while glancing at the source and the latest patch.
> It's a funny little bug that I doubt could ever be useful for malicious
> reasons, unless you can determine an address to jump to that is comprised
> of all hex characters 30-39 (digits) due to the regex check on the version
> string, and also if the "attacker" could set a version string.
> 
> Still, a bad version string in a configure shouldn't allow someone to jump
> to an arbitrary address in memory. Might be a good idea to add a length
> check in configure or make.

If you want to do this to yourself, why should bash stop you?

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/



reply via email to

[Prev in Thread] Current Thread [Next in Thread]