and you would think some bugs we got rid of in open source software!<br><br><div><span class="gmail_quote">On 3/14/07, <b class="gmail_sendername">starcadi starcadi</b> <<a href="mailto:starcadi@gmail.com">starcadi@gmail.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><span style="font-weight: bold;">Description:</span><br><br>The source of Python contains various modules; the zlib module contains a minigzip tool, ( *
<span style="text-decoration: underline;">minigzip is a minimal implementation of the gzip utility.
</span> ).<br><br><span style="font-weight: bold;">Source error:</span><br><br>the error was found in:<br>- <span style="font-style: italic;">void file_compress(file, mode)</span><br>because the use of strcpy() is inappropriate
<br><br><span style="font-style: italic;">--</span><br style="font-style: italic;"><span style="font-style: italic;">#define MAX_NAME_LEN 1024</span><br style="font-style: italic;"><span style="font-style: italic;">[..]</span>
<br style="font-style: italic;"><span style="font-style: italic;">void file_compress(file, mode)</span><br style="font-style: italic;"><span style="font-style: italic;"> char *file;</span><br style="font-style: italic;">
<span style="font-style: italic;"> char *mode;</span><br style="font-style: italic;"><span style="font-style: italic;">{</span><br style="font-style: italic;"><span style="font-style: italic;"> local char outfile[MAX_NAME_LEN];
</span><br style="font-style: italic;"><span style="font-style: italic;"> FILE *in;</span><br style="font-style: italic;"><span style="font-style: italic;"> gzFile out;</span><br style="font-style: italic;"><br style="font-style: italic;">
<span style="font-style: italic;"> strcpy(outfile, file);</span><br style="font-style: italic;"><span style="font-style: italic;"> strcat(outfile, GZ_SUFFIX);</span><br style="font-style: italic;"><span style="font-style: italic;">
--</span><br><br>the function <span style="font-style: italic;">file_compress()</span> is called by the main() function.<br><br><span style="font-weight: bold;">Proof of concept:</span><br><br>if you want to test the vulnerability, try:
<br><span style="font-style: italic;">$ minigzip `perl -e "print 'A'x1050"`<br><br></span>-- starcadi<br>
</div>
<br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=39">http://www.goldwatches.com/watches.asp?Brand=39</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com</a>
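<br><br>Added example (not part of the original thread or of the zlib/Python sources): one way to build the output name from the quoted file_compress() so that a name which does not fit in outfile once the suffix is appended is rejected instead of copied. build_outfile_name and try_name_of_length are hypothetical helpers, the ".gz" value for GZ_SUFFIX is an assumption, and the test names are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME_LEN 1024   /* from the quoted excerpt */
#define GZ_SUFFIX ".gz"     /* assumed value; the excerpt only names the macro */

/* Hypothetical helper: build "<file><GZ_SUFFIX>" in dst.
 * Returns 0 on success, -1 if the result (with its NUL) would not fit. */
int build_outfile_name(char *dst, size_t dstsz, const char *file)
{
    size_t flen = strlen(file);
    size_t slen = strlen(GZ_SUFFIX);

    /* Compare without adding lengths, so the check itself cannot wrap. */
    if (dstsz <= slen || flen >= dstsz - slen)
        return -1;

    memcpy(dst, file, flen);
    memcpy(dst + flen, GZ_SUFFIX, slen + 1);   /* +1 copies the NUL */
    return 0;
}

/* Constructed input: a name of n 'A' characters, as in the post's test. */
int try_name_of_length(size_t n)
{
    char outfile[MAX_NAME_LEN];
    char *name = malloc(n + 1);
    int rc;

    if (name == NULL)
        return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    rc = build_outfile_name(outfile, sizeof(outfile), name);
    if (rc == 0 && strlen(outfile) != n + strlen(GZ_SUFFIX))
        rc = -3;   /* would indicate a bug in the helper itself */
    free(name);
    return rc;
}

int main(void)
{
    size_t lens[] = { 8, 1020, 1021, 1050 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("%zu chars -> %s\n", lens[i],
               try_name_of_length(lens[i]) == 0 ? "ok" : "rejected: filename too long");
    return 0;
}
```

The 1021-character case is the boundary worth noting: the name alone fits in the 1024-byte buffer, and it is the appended suffix that no longer does.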