Getpwnam bus error.. is this patched?

Charles Howes (croot@ICS.BC.CA)
Mon, 23 Jun 1997 18:04:19 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Aleph One: "[ALERT] Another nuke."
Previous message: fATE 1997 BABY: "ping exploit"
Next in thread: Casper Dik: "Re: Getpwnam bus error.. is this patched?"

I'm a little behind in the patches. This program dies on Solaris 2.5;
is this already patched, or is it news that getpwnam() has an
overflowable buffer?
-----------------------------------------------------------------------------
#include <stdio.h>
#include <pwd.h>
#include <signal.h>

foobomb()
{
printf("Uhoh... getpwnam() died.\n");
exit();
}

main()
{
char buf[20000];
struct passwd *pw;
memset(buf,'a',19990);
signal(SIGBUS,foobomb);
pw=getpwnam(buf);
signal(SIGBUS,SIG_IGN);
if (!pw)
{
printf("Success, no user was found.\n");
}
else
{
printf("What the... a user was found?\n");
printf(" user: %.100s\n",pw->pw_name);
}
}
-----------------------------------------------------------------------------

--
Charles Howes -- chowes@ics.bc.ca

Next message: Aleph One: "[ALERT] Another nuke."
Previous message: fATE 1997 BABY: "ping exploit"
Next in thread: Casper Dik: "Re: Getpwnam bus error.. is this patched?"