[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Tiger-devel] Tiger-3.1 Buffer Overflow bug
|
From: |
Steve G |
|
Subject: |
[Tiger-devel] Tiger-3.1 Buffer Overflow bug |
|
Date: |
Mon, 21 Apr 2003 15:26:00 -0700 (PDT) |
Hello,
Recently I ran across a bug in the 3.1 version of Tiger. It
has a program realpath.c that is crashing on my stack
smashing protection software. It has 2 issues. 1)
MAXPATHLEN
is 4096 by definition on Linux 2.4. The program has some
buffers that are on 1025 in size. They should be scaled off
of MAXPATHLEN instead of a magic number.
Also (2), the realpath function is in glibc, but with a
different argument count. This causes problems for libsafe.
The function should either be static or renamed to
my_realpath() to avoid problems.
I've attached an updated copy for your review.
I use Red Hat 9, and I also see all kinds of shell script
errors in check_accounts, has anyone else reported this?
Lines 136, 195, 317. (:-lt: unary operator expected).
Best Regards,
-Steve Grubb
__________________________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
http://search.yahoo.com
realpath.c
Description: realpath.c
- [Tiger-devel] Tiger-3.1 Buffer Overflow bug,
Steve G <=