Bug 35 - 貼文有可能會把密碼一起貼出來
Summary: 貼文有可能會把密碼一起貼出來
Status: UNCONFIRMED
Alias: None
Product: sonybbs
Classification: Unclassified
Component: 一般 (show other bugs)
Version: latest
Hardware: All All
: Highest critical
Assignee: lantw44
URL:
Depends on:
Blocks:
 
Reported: 2013-10-31 12:57 CST by lantw44
Modified: 2013-10-31 12:58 CST (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description lantw44 2013-10-31 12:57:05 CST 
來源:sysop 看板,請用站務帳號進入 sysop 看板查看相關問題回報

登入時故鄉會記在全域變數,密碼登入以後就會一直存在全域變數裡
可是把 DNS 查詢結果寫回故鄉時 (strcpy) 時沒有檢查邊界,然後就 buffer overflow 了

我沒仔細查出問題來源
不過我猜跟這些有關:

lib/dns_name.c => dns_name(),這裡有 strcpy
maple/bbsd.c => main(),他會呼叫 dns_name()
maple/edit.c => ve_banner(),站簽在這裡
Note You need to log in before you can comment on or make changes to this bug.