The Dawn Of Time
The Official Forums for the Dawn Of Time Mud Codebase
 

Important fix

 
The Dawn Of Time Forum Index » 1.69s Beta4
test
Guest





Posted: Mon Oct 01, 2007 4:31 am    Post subject: Important fix

Hey,

As already discussed with Kalahn, there is an important fix to apply to the websrv.cpp file: sprintf(decoded,d) substituted with strcpy(decoded,d)

The following is the patch.diff in case you want to apply it with "patch":
--- src/websrv.cpp 2004-02-01 01:00:00 +0100
+++ src/websrv_fix.cpp 2007-09-30 17:20:50 +0200
@@ -165,7 +165,7 @@

d =decodeBase64(pLine);
if (d){
- sprintf(decoded,d);
+ strcpy(decoded,d);
// now separate the username:password
pLine=decoded;
pStr=strstr( pLine, ":");
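Review bot: strcpy(decoded,d) on the added line stops the decoded credentials from being interpreted as a format string, but it is still an unbounded copy: nothing in this hunk limits the length of d, which comes from decodeBase64(pLine), to the size of decoded. The declaration of decoded is outside the visible context; if it is a fixed-size array, please add a length check before the copy or use a bounded form such as snprintf(decoded, sizeof(decoded), "%s", d), and reject the request when the decoded string does not fit.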
@@ -1099,7 +1099,7 @@

d =decodeBase64(pLine);
if (d){
- sprintf(decoded,d);
+ strcpy(decoded,d);
// now separate the username:password
pLine=decoded;
pStr=strstr( pLine, ":");
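Review bot: The result of strstr( pLine, ":") in the last context line is assigned to pStr with no NULL check visible in this hunk, so decoded credentials that contain no ':' must be handled before pStr is used; please confirm the lines that follow do that. Separately, this block at line 1099 is a copy of the one at line 165, which is why the same sprintf(decoded,d) call had to be fixed twice; moving the decode-and-split step into one shared helper would keep future fixes in a single place.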

patch -p0 < patch.diff

Public details will be released soon


Parsival



Joined: 04 Feb 2009
Posts: 28

Posted: Thu Feb 12, 2009 3:21 am

Bumping this topic for two reasons:


a) This code pertains to password encryption. Is this a security problem, or will it -create- a security problem?

b) Author name is 'test'...don't see any other posts from this individual...

Forgive me if I seem slightly suspicious. I have no intention of offending anyone, I'm just looking for a bit more information.

Thanks,
Steve-o


Daos



Joined: 29 Jan 2003
Posts: 1150
Location: United States

Posted: Fri Feb 13, 2009 8:45 pm

Hi,

The general interpretation of the problem that was discovered is that an attacker can crash a DoT MUD through the integrated webserver by inputting a malicious string when your username and password prompt window pops up, without leaving any form of backtrace capability through gdb (it basically outputs a bunch of memory blocks). For security reasons, I won't release the details of what the malicious input is, but the problem is validated.



_________________
- Daos

http://www.dawnoftime.org
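The handling this thread's fix is aiming at, as an added example (not code from websrv.cpp or the Dawn of Time project): the Base64 `username:password` credential is decoded into a bounded buffer, treated purely as data, and split only if a `:` is present. The names `b64_decode_bounded` and `parse_basic_credentials` and the 256-byte limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Value of one Base64 character, or -1 if it is outside the alphabet. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode Base64 into out (capacity cap, NUL-terminated on success).
 * Returns length, or -1 on bad input, an embedded NUL, or overflow. */
static int b64_decode_bounded(const char *in, char *out, size_t cap) {
    unsigned int acc = 0;   /* bit accumulator; only the low bits are used */
    int bits = 0;
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *in != '\0' && *in != '='; in++) {
        int v = b64_val((unsigned char)*in);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned int)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            unsigned char byte = (unsigned char)((acc >> bits) & 0xFF);
            if (byte == 0 || n + 1 >= cap) return -1;
            out[n++] = (char)byte;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical helper (assumed name and 256-byte limit). The decoded bytes
 * are only copied as data, never passed as a format string.
 * Constructed sample: "YWxpY2U6czNjcmV0" is Base64 for "alice:s3cret". */
int parse_basic_credentials(const char *b64, char *user, size_t ucap,
                            char *pass, size_t pcap) {
    char decoded[256];
    if (b64_decode_bounded(b64, decoded, sizeof decoded) < 0) return -1;
    char *colon = strchr(decoded, ':');
    if (colon == NULL) return -1;           /* no username:password separator */
    *colon = '\0';
    if (strlen(decoded) >= ucap || strlen(colon + 1) >= pcap) return -1;
    strcpy(user, decoded);                  /* safe: lengths checked above */
    strcpy(pass, colon + 1);
    return 0;
}
```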
Parsival



Joined: 04 Feb 2009
Posts: 28

Posted: Sat Feb 14, 2009 7:47 am

Yep, I found some more information on the exploit, and was able to recreate it. Making the changes. :)


All times are GMT + 13 Hours