bug-bash

Re: Integer Overflow in braces


From: Pasha K
Subject: Re: Integer Overflow in braces
Date: Mon, 17 Aug 2015 09:58:17 -0700

Hey Greg,

I wasn't particularly trying to actually generate that large amount of strings in memory, I was purposely trying to overflow the integer variable "nelem" hoping to get Code Execution. This could potentially be a security risk as shell shock was just more of a denial of service rather than straight up code execution. However, just because I wasn't able to gain control of the registers doesn't mean someone else with more skill can't.

On Monday, August 17, 2015, Greg Wooledge <address@hidden> wrote:
On Sat, Aug 15, 2015 at 08:53:55PM -0700, Pasha K wrote:
> (gdb) r -c "for x in {1..9223372036854775805}; do echo overflow; done"

Brace expansion requires bash to generate and store ALL of those strings
in memory simultaneously.  I seriously doubt any computer on earth has
enough virtual memory to hold what you've asked for here.  (Unless I'm
miscounting, you've asked bash to generate over 900 quintillion strings
of length varying from 1 to 19 bytes in length (2 to 20 with NULs).)

If you want to count to a large number, use a C-style for loop instead
of a brace expansion.

for ((x=1; x<=9000000000; x++)); do ...; done
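
The element-count overflow discussed in this thread, as an added example that is not part of the original messages and is not bash's own source: a constructed counter that narrows the count into an `int`, next to a checked version that rejects the range before anything is allocated. The function names and the `MAX_ELEMS` limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy limit on strings one expansion may materialise. */
#define MAX_ELEMS ((uint64_t)1 << 20)

/* Constructed "before": the count is narrowed into an int, so a huge
 * range silently becomes a small or negative element count. */
static int naive_count(int64_t start, int64_t end, int64_t incr)
{
    uint64_t span = (uint64_t)end - (uint64_t)start;   /* assumes end >= start */
    return (int)(span / (uint64_t)incr + 1);           /* truncation happens here */
}

/* Checked "after": returns false instead of producing a wrapped count.
 * Only the magnitude of incr is used (an assumption of this example). */
static bool seq_count(int64_t start, int64_t end, int64_t incr, uint64_t *nelem)
{
    if (incr == 0 || incr == INT64_MIN)
        return false;                       /* zero step, or -incr would overflow */
    uint64_t step = incr < 0 ? (uint64_t)(-incr) : (uint64_t)incr;
    /* Unsigned subtraction yields the exact distance even when the signed
     * difference end - start would overflow. */
    uint64_t span = end >= start ? (uint64_t)end - (uint64_t)start
                                 : (uint64_t)start - (uint64_t)end;
    uint64_t steps = span / step;
    if (steps >= MAX_ELEMS)                 /* also keeps steps + 1 from wrapping */
        return false;
    *nelem = steps + 1;
    return true;
}

int main(void)
{
    uint64_t n = 0;
    int64_t big = INT64_C(9223372036854775805);   /* upper bound from the report */
    printf("naive: %d\n", naive_count(1, big, 1));
    printf("checked accepts huge range: %d\n", seq_count(1, big, 1, &n));
    if (seq_count(1, 10, 2, &n))
        printf("{1..10..2} -> %llu elements\n", (unsigned long long)n);
    return 0;
}
```

The narrowing cast in `naive_count` is implementation-defined; the wrapped value shown assumes a 32-bit `int` and a compiler such as GCC or Clang that reduces the value modulo 2^32.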
