Potential vulnerabilities in GDB 7.8

2014-08-21 Thread Hádrian R
Hi, I'm Kaiwaiata. I have spent more than 2h searching the source code of
GDB and finding various possible vulnerabilities.
I will tell you one vulnerability now; if they treat me well I will tell
the others.

foolish or important things?

unsafe use of *strcpy()* in *int net_open (.. ..){**:*

*gdb-7.8.tar\gdb\ser-tcp.c:*
*line 187: *strncpy (hostname, name, tmp);
*line 187: *strcpy (hostname, localhost);

*#* if an attacker manages to take control of *hostname[100];*, it may cause a
buffer overflow.

*NOTE*: is likely to be directed toward *.bss,* also be a vulnerability

I hope for an answer, thanks a lot!
Kaiwaiata - HádrienR.
___
bug-gdb mailing list
bug-gdb@gnu.org
https://lists.gnu.org/mailman/listinfo/bug-gdb
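
An added example, not GDB's code and not part of either message: one way to fill a fixed `hostname[100]` buffer from a connection string so that neither the length-limited copy nor the default-name copy can run past the end. The `host:port` input format, the helper name `split_host_port` and the `localhost` default are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HOSTNAME_MAX 100   /* same size as the hostname[100] in the report */

/* Hypothetical helper: split "host:port" into a caller-supplied buffer.
   Returns 0 on success, -1 on malformed or over-long input.  */
static int
split_host_port (const char *name, char *hostname, size_t hostsize, int *port)
{
  const char *colon = strchr (name, ':');
  size_t len;
  char *end;
  long p;

  if (colon == NULL || hostsize == 0)
    return -1;

  len = (size_t) (colon - name);
  if (len >= hostsize)            /* reject instead of silently truncating */
    return -1;

  memcpy (hostname, name, len);
  hostname[len] = '\0';           /* a length-limited copy does not terminate */

  /* Empty host part: fall back to the default with a bounded copy.  */
  if (len == 0
      && snprintf (hostname, hostsize, "%s", "localhost") >= (int) hostsize)
    return -1;

  p = strtol (colon + 1, &end, 10);
  if (end == colon + 1 || *end != '\0' || p < 1 || p > 65535)
    return -1;
  *port = (int) p;
  return 0;
}

int
main (void)
{
  char hostname[HOSTNAME_MAX];
  int port;

  /* Constructed sample input.  */
  if (split_host_port ("example.test:2345", hostname, sizeof hostname, &port) == 0)
    printf ("%s %d\n", hostname, port);
  return 0;
}
```

When auditing a `strncpy`/`strcpy` pair like the one quoted above, the two things to confirm are that the length argument is clamped below the buffer size with an explicit terminator written afterwards, and that any unbounded copy has a source of fixed, known length.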


Re: Potential vulnerabilities in GDB 7.8

2014-08-21 Thread Sergio Durigan Junior
On Wednesday, August 20 2014, Hádrian R wrote:

> Hi, I'm Kaiwaiata, since more than 2h searching and finding various
> possible vulnerabilities in source code of GDB..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..

Hello Kaiwaiata,

Thanks for the message.  However, this list is not used by GDB folks
anymore.  I recommend that you post your message on g...@sourceware.org.

> unsafe use of *strcpy()* in *int net_open (.. ..){**:*
>
> *gdb-7.8.tar\gdb\ser-tcp.c:*
> *line 187: *strncpy (hostname, name, tmp);
> *line 187: *strcpy (hostname, localhost);

You could even post a patch fixing this, if you want.  To do that, send
the patch to gdb-patc...@sourceware.org.

Thanks,

-- 
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/
