X-Spam-Check-By: sourceware.org Date: Mon, 19 Dec 2005 18:54:21 +0100 From: Corinna Vinschen To: cygwin AT cygwin DOT com Subject: Re: ftp.exe's bug found Message-ID: <20051219175421.GI2965@calimero.vinschen.de> Reply-To: cygwin AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com References: <200512190952 DOT jBJ9qbla009680 AT null2root DOT org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200512190952.jBJ9qbla009680@null2root.org> User-Agent: Mutt/1.4.2i Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com On Dec 19 18:52, saintlinu AT null2root DOT org wrote: > Dear list > > When I use ftp.exe in cygwin, connected to ftp server. > and I just typed 'site AAAA%8x%8x%8x' > > then I faced a suspicious messege on the ftp server's information box > like SITE AAAA 3212 2324 3241 414141 ... > > ftp.exe has format strings bug. right? > > I checked inetutils' source and I found > there is no function that check arguments' validation right or not > > if you'll input a command like 'SITE AAAA%8x%8x%8x...%100c%n%200c%n' > then get a file,'ftp.exe.stackdump'. > > please check this a little problem Thanks, I've uploaded a new inetutils version. Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Project Co-Leader cygwin AT cygwin DOT com Red Hat -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/