OK Chaps,
First a disclaimer. darts-client is a pure "client" program, so if it
has any buffer overflows, then this will only create a vulnerability if
the server is malicious, which it certainly is not. So it should cause
you no problems if darts-client has a potential buffer overflow.
But only hours after I debuted my software, I found a buffer overflow in
darts-client. As I said, this shouldn't be a problem, but if it bothers
you, use the software enclosed as an attachment (or look in
darts-client.c and apply the following patch):
--- darts-client.c-old Thu Sep 6 13:40:32 2001
+++ darts-client.c Thu Sep 6 12:45:28 2001
@@ -126,7 +126,7 @@
in_file.buf_index = in_file.buf_size = 0;
if (send_string(in_file.fd,"request data\r\n")==-1) RETRY
if (read_string(&in_file,s,1000)==NULL) RETRY
- if (ston(s,list,N,M,NULL,0,0,*M)!=0) RETRY
+ if (ston(s,list,N,M,NULL,0,0,maxN)!=0) RETRY
close(in_file.fd);
}
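Review bot: On the changed ston() call, the new last argument maxN is not defined or explained anywhere in this hunk, so the fix cannot be checked against the real capacity of list from the lines shown; please add a comment where maxN is set, or derive it from the declaration of list, so the two cannot drift apart. The old value *M dereferenced the same pointer M that is passed to ston() as the fourth argument, so the limit came from whatever M happened to hold rather than from a fixed capacity. The read_string(&in_file,s,1000) line just above has the same shape: the literal 1000 should be tied to the declared size of s, since that data arrives from the server.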
Then kill the old darts-client (killall darts-client), and then start
the new darts-client.
I'm really really sorry about this - my only excuse is that even the
pros make mistakes like this.
Sorry, Stephen
--
Stephen Montgomery-Smith
EMAIL:PROTECTED
http://www.math.missouri.edu/~stephen
darts-client.tar.gz