| Author |
Message |
test Guest
|
Posted: Mon Oct 01, 2007 4:31 am Post subject: Important fix |
|
|
Hey,
as already discussed with Kalahn, there is an important fix to apply to the websrv.cpp file: sprintf(decoded,d) substituted with strcpy(decoded,d)
The following is the patch.diff in case you want to apply it with "patch":
--- src/websrv.cpp 2004-02-01 01:00:00 +0100
+++ src/websrv_fix.cpp 2007-09-30 17:20:50 +0200
@@ -165,7 +165,7 @@
d =decodeBase64(pLine);
if (d){
- sprintf(decoded,d);
+ strcpy(decoded,d);
// now separate the username:password
pLine=decoded;
pStr=strstr( pLine, ":");
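Review bot: the replacement `strcpy(decoded,d);` stops `d` from being used as a format string, but it is still an unbounded copy, and nothing in this hunk shows the size of `decoded` or a length check on the output of `decodeBase64(pLine)`. Suggest a copy bounded by the destination size, for example `snprintf(decoded, sizeof(decoded), "%s", d);` if `decoded` is an array, and rejecting the request when the decoded string would not fit.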
@@ -1099,7 +1099,7 @@
d =decodeBase64(pLine);
if (d){
- sprintf(decoded,d);
+ strcpy(decoded,d);
// now separate the username:password
pLine=decoded;
pStr=strstr( pLine, ":");
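Review bot: this hunk at line 1099 is a byte-for-byte copy of the one at line 165, so the decode-copy-split sequence exists twice and had to be fixed twice. Suggest moving it into one helper called from both places so a later fix cannot miss one copy. In the same helper, the result of `pStr=strstr( pLine, ":");` should be checked for NULL before it is used, since no such check is visible in the context lines here.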
patch -p0 < patch.diff
Public details will be released soon
|
|
|
Parsival
Joined: 04 Feb 2009 Posts: 26
|
Posted: Thu Feb 12, 2009 3:21 am Post subject: |
|
|
Bumping this topic for two reasons:
a) This code pertains to password encryption. Is this a security problem, or will it -create- a security problem?
b) Author name is 'test'...don't see any other posts from this individual...
Forgive me if I seem slightly suspicious. I have no intention of offending anyone, I'm just looking for a bit more information.
Thanks,
Steve-o
|
|
|
Daos
Joined: 29 Jan 2003 Posts: 1107 Location: United States
|
Posted: Fri Feb 13, 2009 8:45 pm Post subject: |
|
|
Hi,
The general interpretation of the problem that was discovered is that an attacker can crash a DoT MUD through the integrated webserver by inputting a malicious string when your username and password prompt window pops up, without leaving any form of back trace capability through gdb (it basically outputs a bunch of memory blocks). For security reasons, I won't release the details of what the malicious input is, but the problem is validated.
|
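An added example, not part of this thread or of the DoT code base: one way to copy a decoded `username:password` string into a fixed buffer so that the input is treated purely as data and over-long input is rejected. The helper name `split_credentials`, the 32-byte buffer and the sample strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from websrv.cpp): copy an already
 * Base64-decoded "username:password" string into a fixed buffer and
 * split it at the first ':'. Returns 0 on success, -1 if the input is
 * missing, does not fit, or has no ':' separator. */
static int split_credentials(const char *d, char *decoded, size_t cap,
                             char **user, char **pass)
{
    if (d == NULL || decoded == NULL || cap == 0)
        return -1;

    /* A constant "%s" format makes the input plain data: conversion
     * specifiers inside it are copied, never interpreted. snprintf
     * also never writes more than cap bytes. */
    int n = snprintf(decoded, cap, "%s", d);
    if (n < 0 || (size_t)n >= cap)
        return -1;              /* would have been truncated: reject */

    char *sep = strchr(decoded, ':');
    if (sep == NULL)
        return -1;              /* not in user:password form */
    *sep = '\0';
    *user = decoded;
    *pass = sep + 1;
    return 0;
}

int main(void)
{
    char buf[32];               /* size is an assumption for the demo */
    char *u, *p;
    /* Constructed sample inputs */
    const char *samples[] = { "alice:secret", "u%sr:p%dw", "nocolon",
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:toolong" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (split_credentials(samples[i], buf, sizeof buf, &u, &p) == 0)
            printf("ok   user=[%s] pass=[%s]\n", u, p);
        else
            printf("drop [%s]\n", samples[i]);
    }
    return 0;
}
```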