Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix exploitable security bug in options processing
From a bug report, the function escapes(), which is used during options parsing for various options that accept string values, is given user-controlled input that could end with a backslash or caret (or two character "\M"). Such a malformed escape sequence would make it consume the input's end-of-string character and then keep processing whatever followed. That meant that it could generate more data than its output buffer was prepared to hold, making nethack be vulnerable to stack overflow issues. His example that was supposed to clobber the stack didn't trigger any trouble for me, and I didn't bother trying the second one that can allegedly cause the Win32 binary to run another program. But the bug itself is clearly real.
nethack.rankin committed Aug 3, 2011
1 parent 28ab933, commit 50e12a8
Showing 2 changed files with 25 additions and 22 deletions.
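The guard the commit message calls for, as an added example (this is not NetHack's code and not the patch in this commit): `decode_escapes` is a hypothetical, simplified decoder that honours a backslash, caret or `\M` only when another character follows it, and that bounds its output. The escape semantics and sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified decoder (not NetHack's escapes()):
 *   \c  -> c literally,  ^c -> control char (c & 0x1f),
 *   \Mc -> meta prefix: set the high bit on what follows.
 * An escape introducer is honoured only when another character follows it,
 * so the scan never steps over the input's terminating NUL. Writes at most
 * outsz bytes including the NUL. Returns decoded length, or -1 if it
 * would not fit. */
long decode_escapes(const char *in, char *out, size_t outsz)
{
    size_t n = 0;

    if (outsz == 0)
        return -1;
    while (*in != '\0') {
        unsigned char c, meta = 0;

        /* "\M" counts as a prefix only if something follows it */
        if (in[0] == '\\' && in[1] == 'M' && in[2] != '\0') {
            meta = 0x80;
            in += 2;
        }
        c = (unsigned char)*in++;          /* known non-NUL here */
        if (c == '\\' && *in != '\0')
            c = (unsigned char)*in++;      /* escaped literal */
        else if (c == '^' && *in != '\0')
            c = (unsigned char)(*in++ & 0x1f);
        /* else: ordinary char, or a dangling '\' / '^' kept as-is */

        if (n + 1 >= outsz) {              /* keep room for the NUL */
            out[n] = '\0';
            return -1;
        }
        out[n++] = (char)(c | meta);
    }
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    /* constructed inputs: the last three end in a malformed escape */
    const char *samples[] = { "^A", "\\MA", "ab\\", "x^", "\\M" };
    char buf[8];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%ld\n", decode_escapes(samples[i], buf, sizeof buf));
    return 0;
}
```

Every output byte consumes at least one input byte, so a destination of `strlen(in) + 1` bytes is always sufficient; the `outsz` check covers callers that pass a smaller fixed buffer.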