[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Remote hole in ftpd that can lead to root compromise

To: Kristian Vlaardingerbroek <kris@obit.nl>
Subject: Re: Remote hole in ftpd that can lead to root compromise
From: John Wright <john@dryfish.org>
Date: Mon, 4 Dec 2000 10:14:42 +0000
Cc: bugs@openbsd.org
Content-Disposition: inline
Mail-Followup-To: Kristian Vlaardingerbroek <kris@obit.nl>,bugs@openbsd.org
References: <3A2B7780.48FCC788@obit.nl>
User-Agent: Mutt/1.2.5i

On Mon, Dec 04, 2000 at 11:52:48AM +0100, Kristian Vlaardingerbroek wrote:
> Hi,
> [...]
> 
> If MAXPATHLEN is reached, "npath[i] = '\0';" writes to
> npath[MAXPATHLEN+1].
> 
> The fix is very simple, just change char npath[MAXPATHLEN]; to char
> npath[MAXPATHLEN+1];

That is not the fix as MAXPATHLEN is not used to determine the length of
npath, sizeof(npath) is.

Follow-Ups:
- Re: Remote hole in ftpd that can lead to root compromise
  - From: Jun-ichiro itojun Hagino <itojun@iijlab.net>

References:
- Remote hole in ftpd that can lead to root compromise
  - From: Kristian Vlaardingerbroek <kris@obit.nl>

Prev by Date: Remote hole in ftpd that can lead to root compromise
Next by Date: Re: Remote hole in ftpd that can lead to root compromise
Prev by thread: Remote hole in ftpd that can lead to root compromise
Next by thread: Re: Remote hole in ftpd that can lead to root compromise
Index(es):
- Date
- Thread