Hi all,

Before I start, this isn't likely a huge security risk. It probably doesn't require delay of release unless someone shows a practical exploit.

I was playing with a tcl/tk script for connecting to the telnet interface and doing various things. I, in a moment of stupidity, introduced a flawed regexp, which caused an infinite loop. Inside the infinite loop, the program attempts to read data coming back from the telnet connection. Killing the program off at that point and starting a new telnet connection caused the message:
(WARNING): Reading buffer overflow from 2130706433l:398


(With a few thousand identical messages...)

The telnet process associated with the running script is also killed when killing the script, according to ps.

However, I could not reproduce by simply starting and killing telnet sessions; it seems to me that the data request(s) are logged by some mechanism, which crashes it when a new telnet is opened. (Forgive my newbie-ness here; I'm not really familiar with telnet nor the shell code of gtk-g, nor buffer overflows for that matter.)

At any rate, the code snippet which caused it:

proc show_commands { io } {
        set coms ""

        puts $io "HELP"
        flush $io
        set line [gets $io]
        set x [regexp "100-" $line]
        while $x==1 {
                append coms [string trimleft $line "100-"]
                set line [gets $io]
                set x [regexp "100-" $line]
        }

        <GUI code snipped>
}

(io represents a pipe to telnet; puts and gets function as one would expect. Lacking the buggy regexp, the intention was to issue the help command and cycle through the returned data, stripping the leading "100-" for readability.)

I'll be glad to provide the entire script if anyone wants to reproduce it (requires wish 8.4); alternately, I'd be glad to test any assertions, etc., if you like.

Regards,
Clayton

_______________________________________________
Gtk-gnutella-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
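A bounded version of the reply-reading loop from the message above, as an added example that is not part of the original post or of gtk-gnutella. It assumes, as the posted loop does, that the reply ends at the first line that does not start with "100-"; `read_help_reply`, `max_lines` and the sample lines are hypothetical and constructed for the demonstration.

```tcl
# Added example: read a multi-line "100-" reply without being able to spin
# forever on a bad pattern, a closed channel, or an endless stream.
proc read_help_reply { io {max_lines 500} } {
    set coms {}
    set n 0
    # With a variable name, gets returns the character count, or -1 at EOF,
    # so a dead connection ends the loop instead of yielding empty lines.
    while {[gets $io line] >= 0} {
        # Hard cap on how much a peer can make the client consume.
        if {[incr n] > $max_lines} {
            error "reply exceeded $max_lines lines; giving up"
        }
        # Anchored match: only a line that starts with "100-" continues
        # the reply; "100-" elsewhere in the line does not count.
        if {![regexp {^100-(.*)$} $line -> text]} {
            break
        }
        # The capture removes exactly the prefix. string trimleft treats
        # its second argument as a set of characters, so it would also eat
        # leading 1, 0 and - characters that belong to the payload.
        lappend coms $text
    }
    return $coms
}

# Constructed sample reply, written to a scratch file so the example runs
# offline. A real caller would pass the telnet pipe after sending HELP.
set path [file join [pwd] help_reply_sample.txt]
set io [open $path w+]
puts $io "100-HELP shows this text"
puts $io "100-10 is a constructed value"
puts $io "note: 100- appears mid-line here"
puts $io "100-never reached"
seek $io 0                ;# seek flushes pending output before rewinding
set lines [read_help_reply $io]
close $io
file delete $path

puts [join $lines "\n"]
```

On the second sample line, `string trimleft $line "100-"` would return " is a constructed value", dropping the payload's leading "10" along with the prefix.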
