Date: Tue, 27 Jan 2015 18:19:48 -0800 From: Jonathan Brossard <endrazine@...il.com> To: Qualys Security Advisory <qsa@...lys.com> CC: oss-security@...ts.openwall.com Subject: Re: GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) Dear Qualys team, dear list, > From GHOST.c : > ... > char name; > memset(name, '0', len); > name[len] = '\0'; > ... I have been made aware off line that I have been working with an edited version of GHOST.c : the original version has a name buffer of size 1024, which is indeed perfectly fine to copy 991 + 1 byte ! There is no stack overflow in the original GHOST.c code : my humble appology for the noise :( Best regards, j- [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ