Just to make everyone aware, I've recently found two bugs in FUP that will
cause a server panic. If these are already known, ignore this mail.
 
The first is in bf_fileinfo. It has no error checking whatsoever on the
return value of getpwuid and getgrgid, and thus if one calls fileinfo() on a
file owned by a UID or GID that doesn't map to a name (i.e., get{pwuid,grgid}
returns NULL) it will try to access a structure at NULL, thus causing a
SIGSEGV and subsequently a panic.
 
The second is due to the lack of any length checking whatsoever in
build_file_name and build_dir_name. If any of the FUP functions are called
with arguments that cause a path name to total more than 2048 bytes (for
example filelist("",<some 2048-byte-long string>)), it will try to tack
together the directory and file names with no length checks, thus leading to
a buffer overflow. I consider this the more dangerous of the two bugs.
 
I'd recommend anyone running a MOO with FUP fix these asap :)

-Sean

-- 
/~\ The ASCII
\ / Ribbon Campaign                   Sean Davis
 X  Against HTML                       aka dive
/ \ Email!
