Date: Fri, 3 Dec 1999 16:45:45 -0500 (EST)
From: tstromberg@rtci.com
To: freebsd-audit@freebsd.org
Subject: More binaries with overflows. (7)
Message-ID: <84724545.944257545945.JavaMail.chenresig@karma>

I've improved the breakwidgets program a lot, so I should be getting more results now. I try now to maximize the environment space (ENV+argument overflows), so I should find a few of the trickier ones now. This should also improve the stdin overflow checks. I still need to add a feature that says "If I've already found X overflows with this env variable, or this program, go to the next one".. that would save me time from the 100's of cores I get right now.

I've experienced a few slowdowns because of regular crashes under -CURRENT, but I'll keep on chugging. Here are a few more I found:

/usr/bin/error          arg overflow, ex: error -I [A*16384]
/usr/bin/fsplit         arg overflow in -e, ex: fsplit -e [A*16384]
/usr/bin/grops          arg overflow, ex: grops -c blah [A*16384]
/usr/bin/patch          arg overflow, ex: patch -r [A*16384]
/usr/bin/pr             arg overflow, ex: pr -s [A*16384]
/usr/bin/ypcat          arg overflow in -d, ex: ypcat -d [A*16384] blah
/usr/libexec/aout/as    stdin overflow in -I, ex: echo "[A*16384]" | as -I

I also managed to crash cc1 & cc1plus, but haven't been able to determine why.

As always, a collection of core dumps is available at http://www.afterthought.org/freebsd/cores

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
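
An added example, not part of the original message and not the breakwidgets source: a small audit harness in the spirit of the tool described above. It runs one program with oversized argument and stdin cases, records which runs die on a signal, and moves on after a set number of hits, as the feature wished for in the message would. `TARGET` is a constructed stand-in that faults on any input over 1024 bytes; `MAX_HITS`, `died_by_signal` and `audit` are hypothetical names.

```python
import signal
import subprocess
import sys

PAD = "A" * 16384   # the length used in the message's examples
MAX_HITS = 2        # assumed value for the message's "X" threshold

# Constructed stand-in for a binary under audit: it kills itself with
# SIGSEGV when any argument or its stdin is longer than 1024 bytes.
TARGET = [sys.executable, "-c",
          "import os, signal, sys\n"
          "data = sys.argv[1:] + [sys.stdin.read()]\n"
          "if any(len(d) > 1024 for d in data):\n"
          "    os.kill(os.getpid(), signal.SIGSEGV)\n"]

# Constructed test cases: (label, extra argv, stdin bytes or None).
CASES = [
    ("short arg", ["-x", "blah"], None),
    ("arg overflow", ["-x", PAD], None),
    ("stdin overflow", [], PAD.encode()),
    ("second arg overflow", ["-y", PAD], None),
]

def died_by_signal(argv, stdin_data=None, timeout=10):
    """Run argv once; return the fatal signal's name, or None."""
    try:
        proc = subprocess.run(argv, input=stdin_data or b"",
                              stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None  # could not run, or hung: not counted as a crash
    # POSIX: a negative return code means the child was killed by a signal.
    if proc.returncode < 0:
        return signal.Signals(-proc.returncode).name
    return None

def audit(program, cases, max_hits=MAX_HITS):
    """Try each case; stop once max_hits crashes are recorded."""
    findings = []
    for label, tail, stdin_data in cases:
        if len(findings) >= max_hits:
            break  # enough evidence for this program, go to the next one
        sig = died_by_signal(program + tail, stdin_data)
        if sig:
            findings.append((label, sig))
    return findings

if __name__ == "__main__":
    for label, sig in audit(TARGET, CASES):
        print(f"{label}: killed by {sig}")
```
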