> Does anyone know if we are vulnerable to this?

Yes. load_env() needs to limit the length of the name of variables to MAX_TEMPSTR (100); it currently only checks that the length of the name+value is less than MAX_ENVSTR (1000). There's a whole bunch of fixed-length stack char arrays in cron that look ripe for exploits :-(.
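
The gap described in the reply above, as an added example that is not part of the original message and is not cron's own code: a simplified model showing an entry that passes the total-length check but whose name does not fit a MAX_TEMPSTR buffer, and a split routine that enforces the per-name limit. The function names `passes_total_length_check` and `split_env_line` are hypothetical; only the two constants and their values come from the message.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENVSTR  1000  /* limit on the whole "NAME=value" entry (from the message) */
#define MAX_TEMPSTR 100   /* size of the fixed buffer holding the name (from the message) */

/* Models the only check the message says is made: total entry length. */
int passes_total_length_check(const char *line)
{
    return strlen(line) < MAX_ENVSTR;
}

/*
 * Hypothetical hardened split of "NAME=value" (not cron's real load_env()).
 * Returns 1 on success, 0 if the line is malformed or either part would not
 * fit its destination buffer, terminating NUL included.
 */
int split_env_line(const char *line, char name[MAX_TEMPSTR],
                   char value[MAX_ENVSTR])
{
    const char *eq;
    size_t name_len, value_len;

    if (!passes_total_length_check(line))
        return 0;
    eq = strchr(line, '=');
    if (eq == NULL || eq == line)
        return 0;                         /* no '=' or empty name */

    name_len = (size_t)(eq - line);
    value_len = strlen(eq + 1);
    if (name_len >= MAX_TEMPSTR)          /* the missing per-name limit */
        return 0;

    memcpy(name, line, name_len);
    name[name_len] = '\0';
    memcpy(value, eq + 1, value_len + 1); /* value_len < MAX_ENVSTR here */
    return 1;
}

int main(void)
{
    char line[256], name[MAX_TEMPSTR], value[MAX_ENVSTR];

    memset(line, 'A', 150);               /* constructed input: 150-byte name */
    strcpy(line + 150, "=x");
    printf("total-length check: %d, hardened split: %d\n",
           passes_total_length_check(line), split_env_line(line, name, value));
    return 0;
}
```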