'[ net-snmp-Bugs-520649 ] smux.c uses strcpy on unsafe input?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       net-snmp-bugs
Subject:    [ net-snmp-Bugs-520649 ] smux.c uses strcpy on unsafe input?
From:       noreply () sourceforge ! net
Date:       2002-02-21 11:14:27
[Download RAW message or body]

Bugs item #520649, was opened at 2002-02-20 13:18
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=112694&aid=520649&group_id=12694

Category: agent
Group: None
>Status: Closed
>Resolution: Fixed
>Priority: 2
Submitted By: John Sellens (jsellens)
>Assigned to: John Naylon (jbpn)
Summary: smux.c uses strcpy on unsafe input?

Initial Comment:
In the 4.2.3 distribution and the current CVS tree,
agent/mibgroup/smux/smux.c has this around line 169:

        /* password */
        if (cptr)
          strcpy(aptr->sa_passwd, cptr);

I'm pretty sure that cptr points into arbitrary data
submitted
by a potential smux client, and so likely can't be
trusted.

Perhaps this (or similar) is called for?

        strncpy(aptr->sa_passwd, cptr,
sizeof(aptr->sa_passwd)-1);

(which I haven't tested)

Cheers - thanks for all your work!

John
jsellens@generalconcepts.com

        

----------------------------------------------------------------------

>Comment By: John Naylon (jbpn)
Date: 2002-02-21 03:14

Message:
Logged In: YES 
user_id=93926

You're right, this could cause problems.  I've commited the
attached patch to the repository, and this fix will be in
4.2.4.  I doubt that this could be exploited as a security
hole since the attacker would already need write permission
for the configuration file, but still.  Also, please note
that the SMUX protocol is no longer actively supported; the
protocol has major flaws and AgentX, which is supported, is
better in many ways.

Thanks for the bug report!

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=112694&aid=520649&group_id=12694

_______________________________________________
Net-snmp-bugs mailing list
Net-snmp-bugs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic