On Tue, Jan 15, 2013 at 6:44 AM, Dominik Maier <domen...@gmail.com> wrote:

> Buffer overflow because of strcpy with possibility to inject shellcode:
>
> swath mule -b [More than 20 to overflow and possibly inject shellcode.] < emptyfile
>
> problematic lines are:
>
> char stopstr[20];
>   if (muleMode)
>     strcpy(stopstr,wbr);
>
> Instead, you should change the size of stopstr according to wbr.
> Even better would be simply to change the address of stopstr like
>
> const char *stopstr;  /* a pointer, since an array cannot be assigned to */
>   if (muleMode)
>     stopstr = wbr;

Thanks for the report. I've applied the fix upstream:

  
http://linux.thai.net/websvn/wsvn/software.swath?op=comp&compare[]=%2Ftrunk@237&compare[]=%2Ftrunk@238

I'm estimating the risk to decide what to do in Debian.
The use of Mule mode is quite rare, IMO.

Regards,
-- 
Theppitak Karoonboonyanan
http://linux.thai.net/~thep/
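
For readers of this thread, an added example (not swath's code and not the upstream fix) of a length-checked copy into a 20-byte buffer like the `stopstr` quoted in the report. The names `copy_stopstr` and `stopstr_accepts` and the sample arguments are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define STOPSTR_MAX 20 /* size of the stopstr buffer quoted in the report */

/* Hypothetical helper: copy wbr into a fixed buffer only if it fits,
 * including the terminating NUL. Returns 0 on success, -1 on rejection;
 * dst is left untouched when the input is rejected. */
int copy_stopstr(char *dst, size_t dstsize, const char *wbr)
{
    size_t len;

    if (dst == NULL || dstsize == 0 || wbr == NULL)
        return -1;
    len = strlen(wbr);
    if (len >= dstsize)          /* no room for the string plus its NUL */
        return -1;
    memcpy(dst, wbr, len + 1);   /* length already verified above */
    return 0;
}

/* Runs the checked copy against a 20-byte buffer like the one in the
 * report. Returns 1 if wbr was stored intact, 0 if it was refused. */
int stopstr_accepts(const char *wbr)
{
    char stopstr[STOPSTR_MAX] = "";

    if (copy_stopstr(stopstr, sizeof stopstr, wbr) != 0)
        return 0;
    return strcmp(stopstr, wbr) == 0;
}

int main(void)
{
    /* Constructed sample arguments: 1, 19 and 20 characters long. */
    const char *samples[] = { "|", "1234567890123456789",
                              "12345678901234567890" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%2zu chars: %s\n", strlen(samples[i]),
               stopstr_accepts(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

A 19-character argument is the longest that fits, because the 20th byte holds the terminating NUL.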

