<<< Date Index >>>     <<< Thread Index >>>

Re: GNU Sharutils buffer overflow vulnerability



Several guys kindly let me know about my fook up
regarding the fix I posted for shar.  Although it
prevented the overflow, in some situations, it might
cause another bug in shar (although I've never
witnessed it despite testing the patched shar).  

Anyway, I've revised the patch with the kind
suggestions of the guys who I chatted to.  Here's the
new patch:

--- shar-bof.patch ---

--- shar.orig.c 2004-04-07 16:18:23.000000000 +0100
+++ shar.c      2004-04-07 16:39:04.000000000 +0100
@@ -1905,7 +1905,8 @@
        break;

       case 'o':
-       strcpy (output_base_name, optarg);
+       memset(output_base_name, '\0',
sizeof(output_base_name));
+       strncpy (output_base_name, optarg,
sizeof(output_base_name)-1);
        if (!strchr (output_base_name, '%'))
          strcat (output_base_name, ".%02d");
        part_number = 0;
--- EOF ---

Same as usual:

---
root# cd sharutils-4.2.1/src
root# patch < shar-bof.patch
root# cd ..
root# ./configure && make && make install
---

Thanks guys :)

The patch is also available from here: 

<http://www.nettwerked.co.uk/code/shar-bof.patch>

just incase it looks a little screwed in your mail
clients.

This patch should do the job of fixing the bug nicely
- thanks.



Thank you for your time.
Shaun.


        
        
                
____________________________________________________________
Yahoo! Messenger - Communicate instantly..."Ping" 
your friends today! Download Messenger Now 
http://uk.messenger.yahoo.com/download/index.html