Date: Mon, 3 Nov 2014 21:05:15 +0000 From: mancha <mancha1@...o.com> To: oss-security@...ts.openwall.com Subject: Re: RE: strings /libbfd crash On Mon, Nov 03, 2014 at 09:56:30PM +0100, Hanno Böck wrote: > Am Tue, 04 Nov 2014 05:21:42 +1100 schrieb Joshua Rogers > <oss@...ernot.info>: > > > I'd like to expand on this: > > http://openwall.com/lists/oss-security/2014/10/27/4 and mention that > > 'ihex.c' is also vulnerable to the same thing, as they share the > > same code. > > > > > :10010000214601360121470136007EFE09D2190140 > > > :100110002146017E17C0001FF5F16002148011928 > > > :10012000194E79234623965778239EDA3F01B2CAA7 > > > :100130003F0156702B5E712B722B732146013421C7 :00000001Ff > > > > is an example of code that will crash it. > > I can't reproduce that, I just get BFD: test1.ihex:2: unexpected > character `s' in Intel Hex file > > Can you upload the raw file somewhereß The printable chars are all that's needed. There appears to be a stack overflow in ihex_scan() but you might need an intrumented binary to see it. --mancha Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.