Hi,

On Sat, Feb 28, 2015 at 01:18:40PM +0900, Cheolung Lee wrote:
> I am thankful for strace.
> Yesterday I found a bug in strace; I guess this is a stack buffer
> overflow.
>
> So I report it. Thank you.
>
> Tested Version : strace-4.9, strace-4.8
> Environment : Ubuntu 14.04.1 LTS x86_64
> Details:
>
> stack buffer overflow in startup_child() strace.c
>
> The input length check could be bypassed using a long string without a '/',
> and the strcpy() function in the PATH concat processing code starts to
> overwrite stack data.
>
> -------------- TEST PAYLOAD
>
> abc@ubuntu:~/strace-4.9$ ./strace `perl -e 'print "a"x5042'`
> Segmentation fault
Thanks. BTW, there was another way to overflow this pathname buffer.
Both are fixed by commit v4.9-356-g1dbd39e.

-- 
ldv
_______________________________________________ Strace-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/strace-devel
