Python 2.5'e geçersek stable SVN branch'a geçelim, bu arada Python bile strcpy,strcat kullanýyor ya hey de hey.
---------- Forwarded Message ---------- Subject: Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability Date: 14 Mar 2007 Çar From: "starcadi starcadi" <starc...@gmail.com> To: bugtraq at securityfocus.com Description: The source of python contain a various modules, the zlib module contain a minigzip tool, ( * minigzip is a minimal implementation of the gzip utility. ). Source error: the error was found in: - void file_compress(file, mode) because the use of strcpy() is inapropriatly -- #define MAX_NAME_LEN 1024 [..] void file_compress(file, mode) char *file; char *mode; { local char outfile[MAX_NAME_LEN]; FILE *in; gzFile out; strcpy(outfile, file); strcat(outfile, GZ_SUFFIX); -- the function file_compress() was called by main() function. Proof of concept: if you want test the vulnerability try: $ minigzip `perl -e "print 'A'x1050"` -- starcadi ------------------------------------------------------- -- Happiness in intelligent people is the rarest thing I know. (Ernest Hemingway) Ismail Donmez ismail (at) pardus.org.tr GPG Fingerprint: 7ACD 5836 7827 5598 D721 DF0D 1A9D 257A 5B88 F54C Pardus Linux / KDE developer