Current-Users archive


Re: buffer overflow, bad string handling in network lib?



Never mind -- it looks like a stray entry in my .editrc.

If it turns out it is a real issue, I'll repost.

Apologies for the noise.

-bch


On 5/22/14, B Harder <brad.harder%gmail.com@localhost> wrote:
> Select ktrace output:
>
>
> [...]
>
>   2486      1 ftp      GIO   fd 1 wrote 5 bytes
>        "ftp> "
>   2486      1 ftp      RET   write 5
>   2486      1 ftp      CALL  ioctl(0,TIOCGETA,0x7f7ff7b1ca98)
>   2486      1 ftp      GIO   fd 0 read 44 bytes
>
> "\^B+\0\0\^C\0\0\0\0K\0\0\M-O\^E\0\0\^D\M^?\M^?\^?\^W\^U\^R\M^?\^C\^\\^Z\^Y\^Q\^S\^V\^O\^A\0\^T\M^?\M^@%\0\0\M^@%\0\0"
>   2486      1 ftp      RET   ioctl 0
>   2486      1 ftp      CALL  ioctl(0,TIOCSETAW,0x7f7ff7b1ca6c)
>   2486      1 ftp      GIO   fd 0 wrote 44 bytes
>
> "B+\0\0\^C\0\0\0\0K\0\0\M-C\0\0\0\M^?\M^?\M^?\^?\M^?\^U\M^?\M^?\^C\^\\^Z\M^?\^Q\^S\M^?\^O\^A\0\M^?\M^?\M^@%\0\0\M^@%\0\0"
>   2486      1 ftp      RET   ioctl 0
>   2486      1 ftp      CALL  read(0,0x7f7fffffd580,1)
>   2486      1 ftp      GIO   fd 0 read 1 bytes
>        "l"
>   2486      1 ftp      RET   read 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "l"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  read(0,0x7f7fffffd580,1)
>   2486      1 ftp      GIO   fd 0 read 1 bytes
>        "s"
>   2486      1 ftp      RET   read 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "\a"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "h"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>        "\a"
>   2486      1 ftp      RET   write 1
>   2486      1 ftp      CALL  write(1,0x7f7ff7b0c000,1)
>   2486      1 ftp      GIO   fd 1 wrote 1 bytes
>
> [...]
>
>
> On 5/22/14, B Harder <brad.harder%gmail.com@localhost> wrote:
>> Hi Martin.
>>
>> I _think_ the 'h' error starts before I even press Return... (/me
>> tests...)
>>
>> kamloops$ ftp ftp.freebsd.org
>> Trying 2001:4f8:0:2::e:21 ...
>> ftp: Can't connect to `2001:4f8:0:2::e:21': No route to host
>> Trying 204.152.184.73:21 ...
>> Connected to freebsd.isc.org.
>> 220 Welcome to freebsd.isc.org.
>> Name (ftp.freebsd.org:bch): anonymous
>> 331 Please specify the password.
>> Password:
>> 230 Login successful.
>> Remote system type is UNIX.
>> Using binary mode to transfer files.
>> ftp> ls
>>
>>
>>
>> ^---- starts spewing 'h' immediately after keying the 's' in "ls".
>>
>> -bch
>>
>>
>> On 5/22/14, Martin Husemann <martin%duskware.de@localhost> wrote:
>>> On Thu, May 22, 2014 at 11:47:38AM -0700, B Harder wrote:
>>>> $ ftp ftp.freebsd.org
>>>> <login anonymous>
>>>> ftp> ls
>>>>
>>>> <screen fills w/ 'h' characters, repeating, presumably forever.
>>>
>>> FWIW: I can not reproduce it, but you might get connected to another
>>> server,
>>> I got to:
>>>
>>> Trying 2001:6c8:130:800::4:21 ...
>>> Connected to ftp.beastie.tdk.net.
>>>
>>>
>>> Martin
>>>
>>
>>
>> --
>> Brad Harder
>> Method Logic Digital Consulting
>> http://www.methodlogic.net/
>> http://twitter.com/bcharder
>>
>
>
> --
> Brad Harder
> Method Logic Digital Consulting
> http://www.methodlogic.net/
> http://twitter.com/bcharder
>


-- 
Brad Harder
Method Logic Digital Consulting
http://www.methodlogic.net/
http://twitter.com/bcharder

