Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Jan 2015 18:19:48 -0800
From: Jonathan Brossard <endrazine@...il.com>
To: Qualys Security Advisory <qsa@...lys.com>
CC: oss-security@...ts.openwall.com
Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235)

Dear Qualys team, dear list,

> From GHOST.c :
> ...
>   char name[10];
>   memset(name, '0', len);
>   name[len] = '\0';
> ...

I have been made aware off line that I have been working with an edited
version of GHOST.c : the original version has a name buffer of size
1024, which is indeed perfectly fine to copy 991 + 1 byte !

There is no stack overflow in the original GHOST.c code : my humble
appology for the noise :(

Best regards,

j-




Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ