X-Spam-Check-By: sourceware.org
Date: Mon, 19 Dec 2005 18:52:37 +0900
From: saintlinu AT null2root DOT org
Message-Id: <200512190952.jBJ9qbla009680@null2root.org>
To: cygwin AT cygwin DOT com
Subject: ftp.exe's bug found
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe:
List-Archive:
List-Post:
List-Help: ,
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com

Dear list

When I used ftp.exe in Cygwin, connected to an FTP server, and typed
'site AAAA%8x%8x%8x', I saw a suspicious message in the FTP server's
information box like

SITE AAAA 3212 2324 3241 414141 ...

ftp.exe has a format string bug, right?

I checked the inetutils source and found that no function checks whether the
arguments are valid.

If you input a command like 'SITE AAAA%8x%8x%8x...%100c%n%200c%n', you get
a file, 'ftp.exe.stackdump'.

Please check this little problem.

Cheers

Alex

I have included some info.

$ ls -la `which ftp.exe`
-rwxrwxrwx 1 saintlinu mkgroup-l-d 57344 Aug 20 03:10 /usr/bin/ftp.exe

$ md5sum `which ftp.exe`
27685810cf969652679572b156da6358 */usr/bin/ftp.exe

[Note: command() below hands fmt to vfprintf() as the format string, so a typed command that reaches it as fmt has its % conversions expanded before it is sent; the caller that forwards the SITE line is not shown here. The usual fix is for that caller to pass the typed text as an argument to a literal "%s" format.]

int
#if defined(HAVE_STDARG_H) && defined(__STDC__) && __STDC__
command (const char *fmt, ...)
#else
command(va_alist)
va_dcl
#endif
{
	va_list ap;
#if !(defined(HAVE_STDARG_H) && defined(__STDC__) && __STDC__)
	const char *fmt;
#endif
	int r;
	sig_t oldintr;

	abrtflag = 0;
	if (debug) {
		printf("---> ");
#if defined(HAVE_STDARG_H) && defined(__STDC__) && __STDC__
		va_start (ap, fmt);
#else
		va_start(ap);
		fmt = va_arg(ap, char *);
#endif
		if (strncmp("PASS ", fmt, 5) == 0)
			printf("PASS XXXX");
		else
			vfprintf(stdout, fmt, ap);
		va_end(ap);
		printf("\n");
		(void) fflush(stdout);
	}
	if (cout == NULL) {
		warn("No control connection for command");
		code = -1;
		return (0);
	}
	oldintr = signal(SIGINT, cmdabort);
#if defined(HAVE_STDARG_H) && defined(__STDC__) && __STDC__
	va_start (ap, fmt);
#else
	va_start(ap);
	fmt = va_arg(ap, char *);
#endif
	vfprintf(cout, fmt, ap);
	va_end(ap);
	fprintf(cout, "\r\n");
	(void) fflush(cout);
	cpend = 1;
	r = getreply(!strcmp(fmt, "QUIT"));
	if (abrtflag && oldintr != SIG_IGN)
		(*oldintr)(SIGINT);
	(void) signal(SIGINT, oldintr);
	return (r);
}

--
Make Our Internet Secure With H4ck3rz

--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/