List:       netbsd-current-users
Subject:    Re: buffer overflow, bad string handling in network lib?
From:       B Harder <brad.harder () gmail ! com>
Date:       2014-05-22 20:15:31
Message-ID: CABfrOT-eGb7dOcjc2hiBbBfXZXdEuhH+jMXVuYO2GfJJLFgb2w () mail ! gmail ! com

Never mind -- it looks like a stray entry in my .editrc.

If it turns out it is a real issue, I'll repost.

Apologies for the noise.

-bch


On 5/22/14, B Harder <brad.harder@gmail.com> wrote:
> Select ktrace output:
> 
> 
> [...]
> 
> 2486      1 ftp      GIO   fd 1 wrote 5 bytes
> "ftp> "
> 2486      1 ftp      RET   write 5
> 2486      1 ftp      CALL  ioctl(0,TIOCGETA,0x7f7ff7b1ca98)
> 2486      1 ftp      GIO   fd 0 read 44 bytes
> 
> "\^B+\0\0\^C\0\0\0\0K\0\0\M-O\^E\0\0\^D\M^?\M^?\^?\^W\^U\^R\M^?\^C\^\\^Z\^Y\^Q\^S\^V\^O\^A\0\^T\M^?\M^@%\0\0\M^@%\0\0"
>  2486      1 ftp      RET   ioctl 0
> 2486      1 ftp      CALL  ioctl(0,TIOCSETAW,0x7f7ff7b1ca6c)
> 2486      1 ftp      GIO   fd 0 wrote 44 bytes
> 
> "B+\0\0\^C\0\0\0\0K\0\0\M-C\0\0\0\M^?\M^?\M^?\^?\M^?\^U\M^?\M^?\^C\^\\^Z\M^?\^Q\^S\M^?\^O\^A\0\M^?\M^?\M^@%\0\0\M^@%\0\0"
>  2486      1 ftp      RET   ioctl 0
> 2486      1 ftp      CALL  read(0,0x7f7fffffd580,1)
> 2486      1 ftp      GIO   fd 0 read 1 bytes
> "l"
> 2486      1 ftp      RET   read 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "l"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  read(0,0x7f7fffffd580,1)
> 2486      1 ftp      GIO   fd 0 read 1 bytes
> "s"
> 2486      1 ftp      RET   read 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "\a"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "h"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> "\a"
> 2486      1 ftp      RET   write 1
> 2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
> 2486      1 ftp      GIO   fd 1 wrote 1 bytes
> 
> [...]
> 
> 
> On 5/22/14, B Harder <brad.harder@gmail.com> wrote:
> > Hi Martin.
> > 
> > I _think_ the 'h' error starts before I even press Return... (/me
> > tests...)
> > 
> > kamloops$ ftp ftp.freebsd.org
> > Trying 2001:4f8:0:2::e:21 ...
> > ftp: Can't connect to `2001:4f8:0:2::e:21': No route to host
> > Trying 204.152.184.73:21 ...
> > Connected to freebsd.isc.org.
> > 220 Welcome to freebsd.isc.org.
> > Name (ftp.freebsd.orgbch): anonymous
> > 331 Please specify the password.
> > Password:
> > 230 Login successful.
> > Remote system type is UNIX.
> > Using binary mode to transfer files.
> > ftp> ls
> > 
> > 
> > 
> > ^---- starts spewing 'h' immediately after keying the 's' in "ls".
> > 
> > -bch
> > 
> > 
> > On 5/22/14, Martin Husemann <martin@duskware.de> wrote:
> > > On Thu, May 22, 2014 at 11:47:38AM -0700, B Harder wrote:
> > > > $ ftp ftp.freebsd.org
> > > > <login anonymous>
> > > > ftp> ls
> > > > 
> > > > <screen fills w/ 'h' characters, repeating, presumably forever.
> > > 
> > > FWIW: I can not reproduce it, but you might get connected to another
> > > server,
> > > I got to:
> > > 
> > > Trying 2001:6c8:130:800::4:21 ...
> > > Connected to ftp.beastie.tdk.net.
> > > 
> > > 
> > > Martin
> > > 
> > 
> > 
> > --
> > Brad Harder
> > Method Logic Digital Consulting
> > http://www.methodlogic.net/
> > http://twitter.com/bcharder
> > 
> 
> 
> --
> Brad Harder
> Method Logic Digital Consulting
> http://www.methodlogic.net/
> http://twitter.com/bcharder
> 


-- 
Brad Harder
Method Logic Digital Consulting
http://www.methodlogic.net/
http://twitter.com/bcharder

