New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Null byte on command line on Debian #269
Comments
Details are available at http://www.forallsecure.com/bug-reports/79c31f70848a65002493a88828e05970c3e75c1a/. The input there is a bit more complicated than actually needed to trigger the crash. It boils down to a null byte on the command-line:
perl5i.c line 76 is |
I wrote bin/perl5i.c and I can tell you my C is horrible. Any help and On Thu, Jun 27, 2013 at 2:13 PM, Lars Dɪᴇᴄᴋᴏᴡ 迪拉斯
|
fix dash_m init, simplify dash_e logic (only -e, no -M)
Fix perl5i.c #269 to avoid crash on a null byte in the command line.
Fixed by #273 |
thanks. yes, only mayhem brought me to this :) |
Hi! On Wed, Jul 23, 2014 at 12:38:56PM -0700, Reini Urban wrote:
Is this really fixed with new upstream version 2.13.0? With the reproducer $ perl5i \000 -e still get a Segemntation fault. (this is on Debian unstable, built 2.13.0, but had no further time to Regards, |
I cannot reproduce this on OS X, fwiw, with either 2.12.0 or 2.13.0. |
|
I can reproduce it on Wheezy/Sid with Perl 5.20.1. |
I have it. It was just |
It would walk off argv and then try to printf garbage (probably null). For #269
Security researchers have found crash bugs in perl5i as shipped in Debian Wheezy using Mayhem, an automated bug finding tool. http://lists.debian.org/debian-devel/2013/06/msg00720.html I have started communication with the Mayhem team in order to "short-circuit" the middle-men maintainers and get the details (the buggy command-line input, backtrace after crash, etc.) ASAP.
Is there any need to keep the details confidential until the underlying bugs are fixed? If not, I'll publish them just here.
The text was updated successfully, but these errors were encountered: