[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Buffer overflow in uucpd.c/do_login()

From: Tim Rühsen
Subject: Buffer overflow in uucpd.c/do_login()
Date: Sun, 16 Feb 2020 20:12:26 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2

      strcpy (line, remotehost);
      SCPYN (ll.ll_line, line);
      SCPYN (ll.ll_host, remotehost);
      write (f, (char *) &ll, sizeof (ll));

'remotehost' is either 64 bytes or 1025 (depends on the code paths
protected by #ifdef). 'line' is only 32 bytes. I have no idea about L411
- if it's an accident or on (what ?) purpose.

Apart from that, the two calls to SCPYN() *may* not 0-terminate the
strings ll.ll_line and ll.ll_host in every case (if line or remotehost
have lengths >= the destination).

A few lines above:
# define SCPYN(a, b)    strncpy(a, b, sizeof (a))

Regards, Tim

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]