[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Calife heap corrupt / potential local root exploit

To: Ollivier Robert <roberto@xxxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Calife heap corrupt / potential local root exploit
From: Carson Gaspar <carson+bugtraq@xxxxxxxxxx>
Date: Fri, 27 Feb 2004 15:08:50 -0500

--On Friday, February 27, 2004 16:49:34 +0000 Ollivier Robert <roberto@xxxxxxxxxxxxxxxxx> wrote:

In-Reply-To: <20040227091921.26210.qmail@xxxxxxxxxxxxxxxxxxxxx>

           pt_pass = (char *) getpass ("Password:");
           memset (user_pass, '\0', l_size);
           strcpy (user_pass, pt_pass); // <- BAD CODE


I could have used strlcpy but I assumed (and my reading of the FreeBSD
source code confirm it) that getpass(3) was doing the size check.

This is why you shouldn't make such assumptions. Never assume someone else validated your input. If you want to write secure code, assume every function is under attack from every other function, because someday someone will change the program flow, bypassing your carefully crafted validation function and passing garbage to your insecure code. Outsourcing your validation to other code is the software equivalent of the hard outside / soft tasty center security model.

--
Carson

Follow-Ups:
- Re: Calife heap corrupt / potential local root exploit
  - From: Ollivier Robert

References:
- Re: Calife heap corrupt / potential local root exploit
  - From: Ollivier Robert

Prev by Date: [HUC] Serv-U FTPD 2.x/3.x/4.x/5.x "MDTM" Command Remote Exploit
Next by Date: Re: Calife heap corrupt / potential local root exploit
Previous by thread: Re: Calife heap corrupt / potential local root exploit
Next by thread: Re: Calife heap corrupt / potential local root exploit
Index(es):
- Date
- Thread