Re: CIAC Advisory F-11 Report: Unix NCSA httpd Vulnerability
>Well, I've just been over the HTLoadError routine and it certainly
>does unchecked sprintf's to a fixed size buffer when composing the
>error message (same in HTErrorMsg). No user input is used here,
>though, so it may not be harmful. It just left me wondering where
>else such things might be lurking ...
Yep, I know about those bits, I had a look through them with a view
to splatting a while back but they seemed OK. The problem is the sheer
number of lines of code though. It would be much quicker to rewrite the
code in a different way than to check each part of it fully. This is more
likely to happen as part of a from scratch proxy implementation than
extension of the CERN server though.
This is yet another UNIX screw up. A real O/S simply does not allow
a process to write to its stack. And a real language would have automatic
resource allocation for strings.
Phill
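
The pattern discussed in the quoted message (an unchecked sprintf into a fixed-size error buffer) next to a bounded version that reports truncation. This is an added example, not part of the original post and not code from the CERN or NCSA servers; the function names, the buffer size and the message format are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define ERR_BUF_SIZE 64   /* assumed size; the post gives no number */

/* Unchecked form (hypothetical): sprintf writes as many bytes as the
 * format expands to, so a long `detail` runs past the end of `out`.
 * Shown for contrast only; nothing in this file calls it. */
void compose_error_unchecked(char *out, int status, const char *detail)
{
    sprintf(out, "Error %d: %s", status, detail);
}

/* Bounded form: snprintf writes at most `outlen` bytes, terminator
 * included, and its return value says whether the message fit.
 * Returns 0 if it fit, 1 if it was truncated, -1 on bad arguments. */
int compose_error_bounded(char *out, size_t outlen, int status,
                          const char *detail)
{
    int needed;

    if (out == NULL || outlen == 0)
        return -1;
    if (detail == NULL)
        detail = "(no detail)";

    needed = snprintf(out, outlen, "Error %d: %s", status, detail);
    if (needed < 0) {
        out[0] = '\0';
        return -1;
    }
    return (size_t)needed >= outlen ? 1 : 0;
}

int main(void)
{
    char buf[ERR_BUF_SIZE];
    char long_detail[200];   /* constructed sample input */
    int rc;

    memset(long_detail, 'A', sizeof long_detail - 1);
    long_detail[sizeof long_detail - 1] = '\0';

    rc = compose_error_bounded(buf, sizeof buf, 404, "not found");
    printf("rc=%d msg=%s\n", rc, buf);
    rc = compose_error_bounded(buf, sizeof buf, 500, long_detail);
    printf("rc=%d len=%zu\n", rc, strlen(buf));
    return 0;
}
```

A caller that sees the truncation result can log the event or allocate a buffer sized from snprintf's return value instead of silently sending a clipped message.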