At 20:05, Friday 5 November 2004, Ulf Härnhammar wrote:
> Hello,
>
> I have found that it's possible for a malicious FTP server to crash GNU
> Wget by sending malformed directory listings. Wget will parse them without
> checking if they are written in the proper format. It will do a fixed
> number of strtok() calls and then atoi() calls, and with the wrong format,
> atoi() will dereference NULL, leading to a crash.
>
> This affects 1.9.1, the latest CVS version and some older stable versions.
>
> I have attached a patch against 1.9.1 that will correct this, and a little
> fake FTP server that exhibits this problem when Wget connects to it. The
> server should be started from inetd or xinetd. My inetd.conf line looks
> like this:
>
> ftp stream tcp nowait metaur /usr/bin/perl perl /path/to/wget-crasher.pl
>
> // Ulf Harnhammar
> http://www.advogato.org/person/metaur/
hi ulf,

your patch has just been merged into wget cvs. sorry for the delay, but i have been quite busy lately. thank you very much!!!

-- 
Aequam memento rebus in arduis servare mentem...

Mauro Tortonesi
University of Ferrara - Dept. of Eng. http://www.ing.unife.it
Institute of Human & Machine Cognition http://www.ihmc.us
Deep Space 6 - IPv6 for Linux http://www.deepspace6.net
Ferrara Linux User Group http://www.ferrara.linux.it
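The bug Ulf describes is a listing parser that runs a fixed sequence of strtok() calls and hands the results to atoi() without checking for NULL. Below is an added illustration of the defensive shape such a parser needs; it is constructed for this thread and is not wget's code or Ulf's patch, and the struct and function names (ftp_entry, parse_listing_line, parse_num) are hypothetical. It parses one "ls -l"-style line (perms links owner group size month day time name) and rejects malformed input instead of dereferencing a missing token.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example, not wget's code: one "ls -l"-style FTP listing line
   (perms links owner group size month day time name) parsed into a struct. */
struct ftp_entry {
    char perms[11];
    long nlinks;
    long size;
    char name[256];
};

/* Parse a non-negative decimal field; reject empty or partly numeric tokens
   (atoi() would silently return 0 for these). */
static int parse_num(const char *tok, long *out)
{
    char *end;
    if (*tok == '\0') return 0;
    *out = strtol(tok, &end, 10);
    return *end == '\0' && *out >= 0;
}

/* Returns 1 on success, 0 if the line is malformed.  Every strtok() result
   is checked for NULL before use; the reported crash came from a fixed run
   of strtok() calls followed by atoi() on a token that could be NULL. */
int parse_listing_line(const char *line, struct ftp_entry *e)
{
    char buf[512];
    const char *tok, *fields[8], *rest;
    size_t len, i;

    if (line == NULL || e == NULL) return 0;
    len = strcspn(line, "\r\n");              /* ignore the line terminator */
    if (len >= sizeof buf) return 0;
    memcpy(buf, line, len);
    buf[len] = '\0';

    for (i = 0; i < 8; i++) {
        tok = strtok(i == 0 ? buf : NULL, " \t");
        if (tok == NULL) return 0;            /* too few fields: reject */
        fields[i] = tok;
    }
    /* The name is everything after the eighth token (it may contain blanks). */
    rest = fields[7] + strlen(fields[7]);
    if (rest < buf + len) rest++;             /* step over the NUL strtok wrote */
    while (*rest == ' ' || *rest == '\t') rest++;
    if (*rest == '\0' || strlen(rest) >= sizeof e->name) return 0;

    if (strlen(fields[0]) != 10) return 0;    /* e.g. "-rw-r--r--" */
    if (!parse_num(fields[1], &e->nlinks) || !parse_num(fields[4], &e->size))
        return 0;
    strcpy(e->perms, fields[0]);
    strcpy(e->name, rest);
    return 1;
}
```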