Message-Id: <199910281925.PAA29691@mint-square.mit.edu>
Date: Thu, 28 Oct 1999 15:25:57 -0400
From: Kev
To: krb5-bugs@MIT.EDU
Subject: default_com_err_proc possible overflow?

>Number: 781
>Category: krb5-libs
>Synopsis: default_com_err_proc possible overflow?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Oct 28 15:31:01 EDT 1999
>Last-Modified: Tue Feb 22 16:39:58 EST 2000
>Originator: Kev
>Organization:
>Release:
>Environment:
>Description:

In default_com_err_proc(), we have the following code:

------- Begin code snippet, src/util/et/com_err.c
#if defined(_MSDOS) || defined(_WIN32) || defined(macintosh)
    char errbuf[1024] = "";

    if (whoami) {
        strcat (errbuf, whoami);
        strcat (errbuf, ": ");
    }
    if (code) {
        strcat (errbuf, error_message(code));
        strcat (errbuf, " ");
    }
    if (fmt)
        vsprintf (errbuf + strlen (errbuf), fmt, ap);
------- End code snippet

This could potentially result in overflows. This is from the 1.1 sources; I couldn't manage to grab the cvs sources...

--
Kevin L. Mitchell
------------------------- -. .---- --.. ..- -..- --------------------------
http://web.mit.edu/klmitch/www/ (PGP keys available from here)
RSA AE87D37D/1024: DE EA 1E 99 3F 2B F9 23 A0 D8 05 E0 6F BA B9 D2
DSS ED0DB34E/1024: D9BF 0E74 FDCB 43F5 C597 878F 9455 EC24 ED0D B34E
DH  2A2C31D4/2048: 1A77 4BA5 9E32 14AE 87DA 9FEC 7106 FC62 2A2C 31D4
>How-To-Repeat:
>Fix:
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Tue Feb 22 16:39:48 2000
Responsible-Changed-Why: reformat, set category
>Unformatted:
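
Added example, not part of the original report and not code from the krb5 sources: one way to assemble the same "whoami: message text" string without the unbounded strcat()/vsprintf() calls, using snprintf()/vsnprintf() against the remaining space and reporting truncation. The name build_errbuf, its msg parameter (standing in for error_message(code)) and the sample strings are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example: bounded rebuild of the message the quoted snippet assembles,
 * "whoami: message formatted-text". msg stands in for error_message(code).
 * Never writes past buf[cap-1]; buf is always NUL-terminated.
 * Returns 1 if the whole message fit, 0 if it was truncated. */
int build_errbuf(char *buf, size_t cap, const char *whoami, const char *msg,
                 const char *fmt, ...)
{
    if (cap == 0)
        return 0;
    buf[0] = '\0';

    /* Prefix: replaces the four strcat() calls with one bounded write. */
    int n = snprintf(buf, cap, "%s%s%s%s",
                     whoami ? whoami : "", whoami ? ": " : "",
                     msg ? msg : "", msg ? " " : "");
    if (n < 0) { buf[0] = '\0'; return 0; }
    if ((size_t)n >= cap)
        return 0;                     /* prefix alone was cut short */
    size_t off = (size_t)n;

    if (fmt) {
        /* Caller-formatted tail: vsnprintf gets only the space that is left. */
        va_list ap;
        va_start(ap, fmt);
        n = vsnprintf(buf + off, cap - off, fmt, ap);
        va_end(ap);
        if (n < 0) {
            buf[off] = '\0';          /* keep the prefix on a format error */
            return 0;
        }
        if ((size_t)n >= cap - off)
            return 0;                 /* tail truncated, still terminated */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample values; the buffer is deliberately small. */
    char errbuf[32];
    int ok = build_errbuf(errbuf, sizeof errbuf, "kinit", "Cannot contact KDC",
                          "for realm %s", "EXAMPLE.TEST");
    printf("%s (%s, %zu bytes)\n", errbuf, ok ? "complete" : "truncated",
           strlen(errbuf));
    return 0;
}
```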