Re: [ Hackerslab bug_paper ] Linux dump buffer overflow

[Derek Callaway]

On Mon, 28 Feb 2000, ±è¿ëÁØ KimYongJun (99Á¹¾÷) wrote:

> [ Hackerslab bug_paper ] Linux dump buffer overflow

<snip>

> 
> [loveyou@loveyou SOURCES]$ dump  -f a `perl -e 'print "x" x 556'`
>   DUMP: Date of this level 0 dump: Mon Feb 28 14:45:01 2000
>   DUMP: Date of last level  dump: the epoch
>   DUMP: Dumping 
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> to a
> 
>xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:
> ÆÄÀÏ À̸§ÀÌ ³Ê¹« ±é´Ï´Ù while opening filesystem
>   DUMP: SIGSEGV: ABORTING!
> Segmentation fault
> 

<snip>

Could this be a problem with glibc, as well? 

[super@white dump]$ pwd
/usr/src/redhat/SOURCES/dump-0.4b4/dump
[super@white dump]$ echo -e "ru -0 `perl -e 'print "A"x5000;'`\nbt" | gdb
dump
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you
are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "i386-redhat-linux"...
(gdb) Starting program: /usr/src/redhat/SOURCES/dump-0.4b4/dump/dump -0
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
<snipped long string>
---Type <return> to continue, or q <return> to quit---Program received
signal SIGSEGV, Segmentation fault.
getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
88      ../sysdeps/generic/getenv.c: No such file or directory.
(gdb) #0  getenv (name=0x40111a70 "") at ../sysdeps/generic/getenv.c:88
#1  0x400b3f4a in tzset_internal (always=1094795585) at tzset.c:144
#2  0x400b4ceb in __tz_convert (timer=0xbfffd790, use_localtime=1,
    tp=0x4011e4e0) at tzset.c:575
#3  0x400b08bc in localtime (t=0xbfffd790) at localtime.c:43
#4  0x400b07f8 in ctime (t=0xbfffd790) at ctime.c:32
#5  0x804adde in main (argc=1094795585, argv=0x41414141) at main.c:355
(gdb) [super@white dump]$

>From this gdb session, it appears that there _could_ be a problem with
the way that glibc's time functions behave.

--
/* Derek Callaway <[EMAIL PROTECTED]> char *sites[]={"http://www.geekwise.com", 
   Programmer; CE Net, Inc. "http://www.freezersearch.com/index.cfm?aff=dhc",
   (302) 837-8769           "http://www.homeworkhelp.org",0};  S@IRC  */