On 8/11/14, 3:07 PM, Hádrian R wrote:
> Hi, I'm Hádrien Romero Soria - @Kaiwaiata, I am a 16 year old boy,
> passionate about computer security, since more than 8h searching and
> finding various possible vulnerabilities in source code of bash..
> I will tell you one vulnerability now, if they treat me well I will tell
> the other..
>
> foolish or important things?
>
> unsafe use of *strcpy():*
>
> bash-4.3.tar\bash-4.3\lib\sh\unicode.c:
> *line 87: *strcpy (charsetbuf, locale);
Thanks for the report. This is a potential vulnerability if the value of
the LC_CTYPE variable is longer than 40 characters.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
