Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Buffer Overflow Vulnerability in ext-cmd.c #79

Closed
prodigysml opened this issue Feb 15, 2018 · 1 comment
Closed

Buffer Overflow Vulnerability in ext-cmd.c #79

prodigysml opened this issue Feb 15, 2018 · 1 comment

Comments

@prodigysml
Copy link

The Issue

A user can overflow the buffer for kadnode-ctl and can control EIP using this. This implies the user can control the execution flow of the program.

Proof of Concept

Run the following command:
./kadnode-ctl $(python -c "print 'A' * 284 + 'BBBB'")

This will trigger a SIGSEGV and provide the output 0x42424242 in ?? ()

image

The line where this issue occurs is as follows:
https://github.com/mwarning/KadNode/blob/master/src/ext-cmd.c#L378

@mwarning
Copy link
Owner

Hi, thanks for reporting the issue.
It was sloppy programming on my part. xD
The buffer overflow was in the client program part. It doesn't affect the daemon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants