Subject: snarf: crashes when parsing bad PASV response from server
Package: snarf
Version: 7.0-4
Severity: important
Tags: patch

Hello,

I have found a remote crash bug in snarf. The code that parses PASV responses from FTP servers doesn't handle the case where there are too few commas in the response very well. It will call strchr(3) in a way that causes NULL dereferencing, and thus a Segmentation Fault.

I have attached a patch that corrects this issue, and a test server in Perl, snarf-crasher.pl, that exhibits the problem. You have to configure inetd to use snarf-crasher.pl as the FTP server, if you want to test it.

// Ulf Harnhammar

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages snarf depends on:
ii  libc6  2.3.5-8  GNU C Library: Shared libraries an

snarf recommends no packages.

-- no debconf information

snarf-crasher.pl
Description: Binary data
snarf.nullderef.patch
Description: Binary data
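
A defensive PASV reply parser, added here as an illustration of the class of fix the report describes; it is not snarf's code and not the attached patch. It assumes the RFC 959 reply form "227 ... (h1,h2,h3,h4,p1,p2)"; the names parse_pasv and parse_octet are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one decimal field in 0..255 at *p and advance *p past its digits. */
static int parse_octet(const char **p, unsigned *out)
{
    char *end;
    unsigned long v;

    if (**p < '0' || **p > '9')       /* also rejects end of string */
        return -1;
    v = strtoul(*p, &end, 10);
    if (v > 255)                      /* covers overflow (ULONG_MAX) too */
        return -1;
    *out = (unsigned)v;
    *p = end;
    return 0;
}

/*
 * Parse "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (assumed format).
 * Returns 0 and fills host and port, or -1 on any malformed reply.
 */
int parse_pasv(const char *reply, char *host, size_t hostlen, unsigned *port)
{
    unsigned f[6];
    const char *p;
    int i;

    if (reply == NULL || hostlen < 16 || strncmp(reply, "227", 3) != 0)
        return -1;
    p = strchr(reply, '(');
    if (p == NULL)                    /* check every strchr() result before use */
        return -1;
    p++;
    for (i = 0; i < 6; i++) {
        if (parse_octet(&p, &f[i]) != 0)
            return -1;
        if (i < 5 && *p++ != ',')     /* too few commas: reject the reply */
            return -1;
    }
    if (*p != ')')
        return -1;
    snprintf(host, hostlen, "%u.%u.%u.%u", f[0], f[1], f[2], f[3]);
    *port = f[4] * 256 + f[5];
    return 0;
}
```

The parser walks the string with a single cursor and checks each delimiter as it goes, so a reply from an untrusted server that is cut short is rejected instead of producing a NULL pointer that later code dereferences.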