Dear Slotto Corleone,
--Friday, April 30, 2004, 3:43:15 AM, you wrote to [EMAIL PROTECTED]:

SC> - sphiro/libhttp/http_socks.c
SC> int get_request(int type,struct sockaddr_in client,int sc,SSL *s)
SC> ...
SC> char buffer[MAX_READ +1];
SC> char auth_buff[MAX_READ+1];
SC> char filename[128];
SC> ...
SC> ... <skipped>
SC> sprintf(filename,"%s%s",config->webroot,request); <-- oops

According to the information you provided, this is a stack overflow, not heap.
And in this very case it looks not to be exploitable, because behind
the filename boundaries sprintf() overwrites the beginning of auth_buff. Of course
I may be wrong; full analysis of the source code is required to make a conclusion.

--
~/ZARAZA
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
