[prev in list] [next in list] [prev in thread] [next in thread]
List: net-snmp-bugs
Subject: [ net-snmp-Bugs-520649 ] smux.c uses strcpy on unsafe input?
From: noreply () sourceforge ! net
Date: 2002-02-21 11:14:27
[Download RAW message or body]
Bugs item #520649, was opened at 2002-02-20 13:18
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=112694&aid=520649&group_id=12694
Category: agent
Group: None
>Status: Closed
>Resolution: Fixed
>Priority: 2
Submitted By: John Sellens (jsellens)
>Assigned to: John Naylon (jbpn)
Summary: smux.c uses strcpy on unsafe input?
Initial Comment:
In the 4.2.3 distribution and the current CVS tree,
agent/mibgroup/smux/smux.c has this around line 169:
/* password */
if (cptr)
strcpy(aptr->sa_passwd, cptr);
I'm pretty sure that cptr points into arbitrary data
submitted
by a potential smux client, and so likely can't be
trusted.
Perhaps this (or similar) is called for?
strncpy(aptr->sa_passwd, cptr,
sizeof(aptr->sa_passwd)-1);
(which I haven't tested)
Cheers - thanks for all your work!
John
jsellens@generalconcepts.com
----------------------------------------------------------------------
>Comment By: John Naylon (jbpn)
Date: 2002-02-21 03:14
Message:
Logged In: YES
user_id=93926
You're right, this could cause problems. I've commited the
attached patch to the repository, and this fix will be in
4.2.4. I doubt that this could be exploited as a security
hole since the attacker would already need write permission
for the configuration file, but still. Also, please note
that the SMUX protocol is no longer actively supported; the
protocol has major flaws and AgentX, which is supported, is
better in many ways.
Thanks for the bug report!
----------------------------------------------------------------------
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=112694&aid=520649&group_id=12694
_______________________________________________
Net-snmp-bugs mailing list
Net-snmp-bugs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic