uninitialized buffer in midnight commander (fwd)

Pavel Machek pavel at ucw.cz
Fri Oct 10 12:08:37 UTC 2003


From bugtraq, I hope it was not here before.

----- Forwarded message from "\"Ilya Teterin\" " <alienhard at mail.ru> -----

Mailing-List: contact bugtraq-help at securityfocus.com; run by ezmlm
From: "Ilya Teterin"  <alienhard at mail.ru>
To: bugtraq at securityfocus.com
Subject: uninitialized buffer in midnight commander
X-Originating-IP: [195.58.4.140]

Midnight Commander is using an uninitialized buffer for handling symlinks in VFS (tar, cpio). See vfs/direntry.c, handling of buf[] at vfs_s_resolve_symlink(). I wonder but it works almost properly ;-)

On linux-i386 I can reach a stack buffer overflow using a specially crafted archive. Open http://buggzy.narod.ru/exp.tgz in mc's VFS to test (mc will crash).

Affected systems/vendors/archs: at least linux-i386, mc-4.5.52 to mc-4.6.0, too lazy to test others ;-)

P.S. Greetings to iDEFENSE VCP. I'm tired and hungry ;)

----- End forwarded message -----

-- 
				Pavel
Written on sharp zaurus, because my Velo1 broke. If you have Velo you don't need...
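
Added example, not part of the forwarded report and not mc's code: a deterministic model of the bug class the report names, a path buffer that is appended to without being initialized, next to a bounded form. All names, the sizes BUF_CAP and FRAME_CAP, and the STALE residue are constructed for illustration; the real vfs_s_resolve_symlink() source is not shown on this page.

```c
#include <stdio.h>
#include <string.h>

#define BUF_CAP   32    /* logical size of buf[]; assumed, not mc's constant */
#define FRAME_CAP 128   /* buf[] plus the stack memory modelled after it */
#define STALE "AAAAAAAAAAAAAAAAAAAAAAAAAAAA"  /* constructed leftover bytes */

/* Model a stack frame: bytes [0, BUF_CAP) are buf[], the rest is adjacent
 * memory. 'residue' stands for what an earlier call left behind in buf[]. */
static void frame_setup(char *frame, const char *residue) {
    memset(frame, 0, FRAME_CAP);
    memcpy(frame, residue, strlen(residue));
}

/* Count bytes that were written past the end of buf[]. */
static size_t spill(const char *frame) {
    size_t n = 0;
    for (size_t i = BUF_CAP; i < FRAME_CAP; i++)
        n += (frame[i] != '\0');
    return n;
}

/* Flawed: appends without first storing a NUL, so the result starts
 * wherever the stale string in buf[] happens to end. */
size_t join_flawed(const char *residue, const char *dir, const char *link) {
    char frame[FRAME_CAP];
    frame_setup(frame, residue);
    strcat(frame, dir);
    strcat(frame, "/");
    strcat(frame, link);
    return spill(frame);
}

/* Hardened: snprintf overwrites from buf[0] and is bounded by BUF_CAP.
 * Returns bytes spilled (0), or (size_t)-1 if the path does not fit. */
size_t join_checked(const char *residue, const char *dir, const char *link) {
    char frame[FRAME_CAP];
    frame_setup(frame, residue);
    int n = snprintf(frame, BUF_CAP, "%s/%s", dir, link);
    if (n < 0 || n >= BUF_CAP)
        return (size_t)-1;
    return spill(frame);
}

int main(void) {
    printf("clean=%zu stale=%zu checked=%zu\n", join_flawed("", "/a/b", "target"),
           join_flawed(STALE, "/a/b", "target"), join_checked(STALE, "/a/b", "target"));
    return 0;
}
```

The same 11-character path stays inside buf[] when the buffer happens to start empty and runs past it when stale bytes precede it, which is why such code can appear to work until the stack contents change.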



