Dear Ricardo Ribalda,

thank you very much for the report, and please excuse my late response.

On Thursday, 18 July 2019, at 14:34, Ricardo Ribalda Delgado wrote:
> I have compiled tftpd with gcc 8.3 and Glibc 2.29. I use it with
> xinetd 2.3.15. When I request a nonexistent file from the server, the
> server dies with:
> 
> *** buffer overflow detected ***

Is this read off a syslog file like `daemon.log'?
Is it verbatim, with asterisks?
Was that `get missing-file' the very first action?

> After some debugging I figured out that the error is in nack(error) at:
> 
> strcpy (tp->th_msg, pe->e_msg);
> 
> However much I look at the code, I cannot find the overflow. buff has
> enough space to fetch 15 bytes, but maybe I am too old for this kind
> of bug :)

I have not been able to reproduce the failure, in spite of investing
too many hours in finding weak points, and using GNU/Linux (older than
your issue), OpenIndiana, and FreeBSD. In the process, two possibilities
were strlen(NULL) and strcpy(s1, NULL), but visual backtracking did
not disclose even a remote possibility of either. At the moment I have
no idea where to look, but will bear it in mind.

Best regards,
  Mats E Andersson
