Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability

To: vulnwatch@xxxxxxxxxxxxx
Subject: Re: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
From: XFOCUS Security Team <security@xxxxxxxxxx>
Date: Tue, 07 Feb 2006 12:39:28 +0800
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <43E757BA.6000601@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <43E757BA.6000601@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.7-1.1.fc4 (X11/20050929)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thank Ilja van Sprundel <ilja@xxxxxxxxxxx> testing.
he find that newest tiny c compiler (tcc-0.9.23) also have this
vulnerability .

also thank kokanin@xxxxxxxxx and alekc@xxxxxxxxxxx :)

 /**
  * check_compiler_sizeof_vulnerability.c
  *
  * Check compiler whether correct deal with sizeof operator,
  * which can cause integer overflow if you careless use !!!
  *
  * note: some old compiler maybe have this vulnerability!!!!
  *
  * by alert7@xxxxxxxxxx
  *
  * XFOCUS Security Team
  * http://www.xfocus.org
  *
  * already tested:
  *
  * BCB6+ent_upd4....................................vuln !!!
  * tcc-0.9.23 ......................................vuln !!!
  * ........thank Ilja van Sprundel <ilja@xxxxxxxxxxx>
  * gcc version 4.0.0 20050519 (Red Hat 4.0.0-8).....not vuln
  * gcc version 2.95.3-4(cygwin special).............not vuln
  * gcc version egcs-2.91.66.........................not vuln
  * cc: Sun WorkShop 6 2000/04/07 C 5.1 .............not vuln
  * VC6+sp5..........................................not vuln
  * .......................................thank eyas
  * lcc version 3.8..................................not vuln
  *..................................thank tombkeeper
  * evc4+sp4.........................................not vuln
  * ........................................thank san
  * gcc version 3.4.2 [FreeBSD] 20040728.............not vuln
  * ........................thank <kokanin@xxxxxxxxx>
  * GCC OpenBSD 3.1 (2.95.3 20010125 (prerelease))...not vuln
  * MS VS.NET 2003 ..................................not vuln
  * ..............above two thank <alekc@xxxxxxxxxxx>
  *
  * REQUEST YOUR COMMENT:
  * VC6 not sp5......................................?
  * VC7..............................................?
  * evc not sp4......................................?
  * ...
  */
 #include <stdio.h>

 int main(int argc, char *argv[])
 {
  int i =-1;

  printf("Check compiler whether correct deal with sizeof operator\n");
  printf("  by alert7@xxxxxxxxxx \n\n");

  if (i > sizeof ( int ) )
  {
    printf("This compiler is not vuln\n");
  }else
    printf("This compiler is vuln!!!\n");

  getchar();

  return 0;
 }

- --EOF



- --

Kind Regards,

- ---
XFOCUS Security Team
http://www.xfocus.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFD6CR/whDwaF6cSWIRArcqAKCmTor93qg3JlmPEL6VjMHzgGl7hgCgxwtM
r71nRPE+00IBZW0hSqjEnU4=
=Bl/T
-----END PGP SIGNATURE-----

References:
- [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
  - From: XFOCUS Security Team

Prev by Date: Re: CAIDA analysis on CME-24/BlackWorm
Next by Date: crypt_blowfish 1.0
Previous by thread: [xfocus-SD-060206]BCB compiler incorrect deal sizeof operator vulnerability
Next by thread: PeopleSoft (Oracle) PSCipher Encryption Weakness
Index(es):
- Date
- Thread