[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tiger-devel] Tiger-3.1 Buffer Overflow bug
|
From: |
Javier Fernández-Sanguino Peña |
|
Subject: |
Re: [Tiger-devel] Tiger-3.1 Buffer Overflow bug |
|
Date: |
Tue, 22 Apr 2003 00:51:55 +0200 |
|
User-agent: |
Mutt/1.5.3i |
On Mon, Apr 21, 2003 at 03:26:00PM -0700, Steve G wrote:
> Hello,
>
> Recently I ran across a bug in the 3.1 version of Tiger. It
> has a program realpath.c that is crashing on my stack
> smashing protection software. It has 2 issues. 1)
> MAXPATHLEN
> is 4096 by definition on Linux 2.4. The program has some
> buffers that are on 1025 in size. They should be scaled off
> of MAXPATHLEN instead of a magic number.
>
> Also (2), the realpath function is in glibc, but with a
> different argument count. This causes problems for libsafe.
> The function should either be static or renamed to
> my_realpath() to avoid problems.
I will check both of these issues tomorrow (off to sleep now). The second
one is easy to solve as for the first one I will take a look and fix it in
the CVS too.
>
> I've attached an updated copy for your review.
Ok. Will look.
>
> I use Red Hat 9, and I also see all kinds of shell script
> errors in check_accounts, has anyone else reported this?
> Lines 136, 195, 317. (:-lt: unary operator expected).
>
This seems to be a problem with Tiger_Accounts_Trust not defined which is
strange since I added code in case it was not defined in tigerrc. I have
not encountered this myself. I have taken a look at the code and probably
it needs to be improved setting Tiger_Accounts_Trust to -1 at the beginning
of the script if it's not defined. Will check and fix too.
Thank you for your information, will keep you up2date on this.
Regards
Javi
pgpMumxaFnsnN.pgp
Description: PGP signature