Date: Mon, 10 Feb 1997 21:48:31 +0100 (MET)
From: Guido van Rooij <guido@gvr.win.tue.nl>
To: mcwong@imail.com (M.C Wong)
Cc: security@freebsd.org
Subject: Re: Writing buffer overwrite on FreeBSD ?
Message-ID: <199702102048.VAA14184@gvr.win.tue.nl>
In-Reply-To: <199702101920.OAA24541@fabius.globecomm.net> from "M.C Wong" at "Feb 11, 97 03:12:00 am"

M.C Wong wrote:
> Dear Sir/Madam,
>
> With reference to http://www.l0pht.com/advisories/bufero.html, I wonder
> if anyone managed to make 2nd cut of the program used in the tutorial
> (syslog_test_2.c) throw out a SIGTRAP ? Similarly for the 3rd cut and
> the final program which runs smoothly from beginning to end and not
> causing any error. Am I reading the codes wrongly ?
>
> I understand the code was originally written on BSDI system but thought
> the similarity between it and FreeBSD should exhibit the same behaviour
> when executing the codes. Not!
>
> Has someone had any experience in writing similar buffer overrun test
> code that actually works on a FreeBSD box ?
>
> Appreciate sharing of such information if available.
>

This was a bug in syslog() some time ago and has been fixed since 1995/09/15:

revision 1.4
date: 1995/09/15 13:53:39;  author: peter;  state: Exp;  lines: +86 -18
Fix security bugs with a "new approach", using stdio's powerful buffer
control hooks. It is similar to an unrolled multi-part snprintf(), in
that a "FILE *" is attached to a string buffer.
There is also an optimisation for the case where the syslog format string
does not contain %m, which should improve performance of "informational"
logging, like from ftpd.

-Guido
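
The approach the commit log describes, a "FILE *" attached to a fixed string buffer so that a message built in several parts can never run past its end, sketched as an added example (not FreeBSD's libc code and not part of the original message). It assumes POSIX fmemopen() as a stand-in for the stdio buffer hooks the log mentions; bounded_stream() and format_log_line() are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Attach a write-only FILE * to buf. Zeroing first and hiding the last byte
 * from stdio keeps buf NUL-terminated however much is written to the stream. */
static FILE *bounded_stream(char *buf, size_t size)
{
    memset(buf, 0, size);
    return fmemopen(buf, size - 1, "w");
}

/* Build "<pri>tag: message" in out[size] in several parts.
 * Returns 0 if it fit, 1 if it was truncated, -1 on error. */
int format_log_line(char *out, size_t size, int pri, const char *tag,
                    const char *fmt, ...)
{
    int saved_errno = errno, head, body;
    char fmt_cpy[256];
    size_t need = 0;
    va_list ap;
    FILE *fp;

    if (size < 2) return -1;
    if (strstr(fmt, "%m") != NULL) {      /* expand %m only when it is present */
        const char *err = strerror(saved_errno);  /* assumed to contain no '%' */
        if ((fp = bounded_stream(fmt_cpy, sizeof fmt_cpy)) == NULL)
            return -1;
        for (const char *p = fmt; *p != '\0'; p++) {
            if (p[0] == '%' && p[1] == 'm') { fputs(err, fp); need += strlen(err); p++; }
            else if (p[0] == '%' && p[1] == '%') { fputs("%%", fp); need += 2; p++; }
            else { fputc(*p, fp); need++; }
        }
        fclose(fp);
        if (need >= sizeof fmt_cpy - 1)   /* never use a clipped format string */
            return -1;
        fmt = fmt_cpy;
    }
    if ((fp = bounded_stream(out, size)) == NULL)
        return -1;
    head = fprintf(fp, "<%d>%s: ", pri, tag);       /* part 1: header */
    va_start(ap, fmt);
    body = vfprintf(fp, fmt, ap);                   /* part 2: caller's message */
    va_end(ap);
    return fclose(fp) != 0 || head < 0 || body < 0 ||
           (size_t)head + (size_t)body > size - 1;
}
```

Oversized input ends up clipped at the buffer boundary and reported as truncated, instead of overwriting whatever follows the buffer.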