Bugzilla – Attachment 18452 Details for
Bug 54178
VUL-0: CVE-2004-0235: LHA buffer overflows
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
[patch]
overflow and directory traversal patch
lha.patch (text/plain), 1.68 KB, created by
Sebastian Krahmer
on 2004-04-20 20:52:53 UTC
(
hide
)
Description:
overflow and directory traversal patch
Filename:
MIME Type:
Creator:
Sebastian Krahmer
Created:
2004-04-20 20:52:53 UTC
Size:
1.68 KB
patch
obsolete
>--- header.c.old 2000-10-05 19:36:03.000000000 +0200 >+++ header.c 2004-04-17 23:55:54.000000000 +0200 >@@ -538,6 +538,10 @@ > /* > * filename > */ >+ if (header_size >= 256) { >+ fprintf(stderr, "Possible buffer overflow hack attack, type #1\n"); >+ exit(109); >+ } > for (i = 0; i < header_size - 3; i++) > hdr->name[i] = (char) get_byte(); > hdr->name[header_size - 3] = '\0'; >@@ -547,6 +551,10 @@ > /* > * directory > */ >+ if (header_size >= FILENAME_LENGTH) { >+ fprintf(stderr, "Possible buffer overflow hack attack, type #2\n"); >+ exit(110); >+ } > for (i = 0; i < header_size - 3; i++) > dirname[i] = (char) get_byte(); > dirname[header_size - 3] = '\0'; >--- lhext.c.old 2000-10-04 16:57:38.000000000 +0200 >+++ lhext.c 2004-04-18 01:27:44.000000000 +0200 >@@ -190,8 +190,13 @@ > q = (char *) rindex(hdr->name, '/') + 1; > } > else { >+ if (is_directory_traversal(q)) { >+ fprintf(stderr, "Possible directory traversal hack attempt in %s\n", q); >+ exit(111); >+ } >+ > if (*q == '/') { >- q++; >+ while (*q == '/') { q++; } > /* > * if OSK then strip device name > */ >@@ -419,6 +424,33 @@ > return; > } > >+int >+is_directory_traversal(char *string) >+{ >+ unsigned int type = 0; /* 0 = new, 1 = only dots, 2 = other chars than dots */ >+ char *temp; >+ >+ temp = string; >+ >+ while (*temp != 0) { >+ if (temp[0] == '/') { >+ if (type == 1) { return 1; } >+ type = 0; >+ temp++; >+ continue; >+ } >+ >+ if ((temp[0] == '.') && (type < 2)) >+ type = 1; >+ if (temp[0] != '.') >+ type = 2; >+ >+ temp++; >+ } /* while */ >+ >+ return (type == 1); >+} >+ > /* Local Variables: */ > /* mode:c */ > /* tab-width:4 */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18452">View the attachment on a separate page</a>.</b>
Actions:
View
|
Diff
Attachments on
bug 54178
: 18452 |
18651
|
18652