'Re: buffer overflow, bad string handling in network lib?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-current-users
Subject:    Re: buffer overflow, bad string handling in network lib?
From:       B Harder <brad.harder () gmail ! com>
Date:       2014-05-22 20:15:31
Message-ID: CABfrOT-eGb7dOcjc2hiBbBfXZXdEuhH+jMXVuYO2GfJJLFgb2w () mail ! gmail ! com
[Download RAW message or body]

Nevermind -- it looks like  a stray entry in my .editrc.

If it turns out it is a real issue, I'll repost.

Apologies for the noise.

-bch


On 5/22/14, B Harder <brad.harder@gmail.com> wrote:
> Select ktrace output:
> 
> 
> [...]
> 
> 2486      1 ftp      GIO   fd 1 wrote 5 bytes
> "ftp> "
> 2486      1 ftp      RET   write 5
> 2486      1 ftp      CALL  ioctl(0,TIOCGETA,0x7f7ff7b1ca98)
> 2486      1 ftp      GIO   fd 0 read 44 bytes
> 
> "\^B+\0\0\^C\0\0\0\0K\0\0\M-O\^E\0\0\^D\M^?\M^?\^?\^W\^U\^R\M^?\^C\^\\^Z\^Y\^Q\^S\^V\^O\^A\0\^T\M^?\M^@%\0\0\M^@%\0\0"
>  2486      1 ftp      RET   ioctl 0
> 2486      1 ftp      CALL  ioctl(0,TIOCSETAW,0x7f7ff7b1ca6c)
> 2486      1 ftp      GIO   fd 0 wrote 44 bytes
> 
> "B+\0\0\^C\0\0\0\0K\0\0\M-C\0\0\0\M^?\M^?\M^?\^?\M^?\^U\M^?\M^?\^C\^\\^Z\M^?\^Q\^S\M^?\^O\^A\0\M^?\M^?\M^@%\0\0\M^@%\0\0"
>  2486      1 ftp      RET   ioctl 0
> 2486      1 ftp      CALL  read(0,0x7f7fffffd580,1)
> 2486      1 ftp      GIO   fd 0 read 1 bytes
> "l"
> 2486      1 ftp      RET   read 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "l"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  read(0,0x7f7fffffd580,1)
> 2486      1 ftp      GIO   fd 0 read 1 bytes
> "s"
> 2486      1 ftp      RET   read 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "\a"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "\a"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> 
> [...]
> 
> 
> On 5/22/14, B Harder <brad.harder@gmail.com> wrote:
> > Hi Martin.
> > 
> > I _think_ the 'h' error starts before I even press Return... (/me
> > tests...)
> > 
> > kamloops$ ftp ftp.freebsd.org
> > Trying 2001:4f8:0:2::e:21 ...
> > ftp: Can't connect to `2001:4f8:0:2::e:21': No route to host
> > Trying 204.152.184.73:21 ...
> > Connected to freebsd.isc.org.
> > 220 Welcome to freebsd.isc.org.
> > Name (ftp.freebsd.orgbch): anonymous
> > 331 Please specify the password.
> > Password:
> > 230 Login successful.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls
> > 
> > 
> > 
> > ^---- starts spewing 'h' immediately after keying the 's' in "ls".
> > 
> > -bch
> > 
> > 
> > On 5/22/14, Martin Husemann <martin@duskware.de> wrote:
> > > On Thu, May 22, 2014 at 11:47:38AM -0700, B Harder wrote:
> > > > $ ftp ftp.freebsd.org
> > > > <login anonymous>
> > > > ftp> ls
> > > > 
> > > > <screen fills w/ 'h' characters, repeating, presumably forever.
> > > 
> > > FWIW: I can not reproduce it, but you might get connected to another
> > > server,
> > > I got to:
> > > 
> > > Trying 2001:6c8:130:800::4:21 ...
> > > Connected to ftp.beastie.tdk.net.
> > > 
> > > 
> > > Martin
> > > 
> > 
> > 
> > --
> > Brad Harder
> > Method Logic Digital Consulting
> > http://www.methodlogic.net/
> > http://twitter.com/bcharder
> > 
> 
> 
> --
> Brad Harder
> Method Logic Digital Consulting
> http://www.methodlogic.net/
> http://twitter.com/bcharder
> 


-- 
Brad Harder
Method Logic Digital Consulting
http://www.methodlogic.net/
http://twitter.com/bcharder


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic