Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 27 Jan 2015 18:36:26 -0800
From: Qualys Security Advisory <>
To: endrazine <>
Subject: Re: GHOST gethostbyname() heap overflow in glibc

On Tue, Jan 27, 2015 at 05:47:47PM -0800, endrazine wrote:
> From GHOST.c :
> ...
>   char name[10];
>   memset(name, '0', len);
>   name[len] = '\0';
> ...

Interesting!  But where did you possibly get that code?  Every copy of
our advisory includes the original proof-of-concept, which is quite
different from what you are showing here:

  char name[sizeof(temp.buffer)];


And just in case:

$ md5sum GHOST.c
aa8dbce88e54027dbd4723ccd142f717  GHOST.c

With best regards,

the Qualys Security Advisory team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.