Subject: gzip buffer overflow found
To: None <current-users@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: current-users
Date: 01/18/2001 18:46:34
These are some notes from some research. I still need to send-pr these if
applicable. This is 1.5.1_ALPHA (i386).
Seg faults with 99999-character long argument.
gzip via zmore (zmore runs "gzip -cdfq")
Program terminated with signal 11, Segmentation fault.
#0 0x805a7a2 in ?? ()
(gdb) bt
#0 0x805a7a2 in ?? ()
#1 0x8048db7 in ?? ()
#2 0x8048acd in ?? ()
#3 0x80481bd in ?? ()
Built with debugging:
Program terminated with signal 11, Segmentation fault.
#0 0x805a7a2 in strcpy ()
(gdb) bt
#0 0x805a7a2 in strcpy ()
#1 0x80a7100 in ifname ()
#2 0x8048db7 in treat_file ()
#3 0x8048acd in main ()
#4 0x80481bd in ___start ()
How do I look at this backtrace to find out where the trouble routine is?
(Of course, maybe the 18 strcpy()'s in gzip.c should be checked, replaced,
fixed.)
Jeremy C. Reed
http://www.reedmedia.net/
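The crash reported above (a 99999-character argument reaching strcpy, with treat_file as the first frame in gzip's own source and ifname, a data symbol rather than a function, reported between them) is the unbounded-copy pattern. The following is an added example, not code from the message and not gzip's own source: the unchecked copy beside a bounded version that refuses an over-long name instead of truncating it, plus a helper that answers "would this overflow?" without performing the copy. The buffer size MAX_PATH_LEN, the function names and the 'A'-filled argument are assumptions and constructed input; the page does not show gzip.c, so gzip's real buffer size and fix are not claimed here. On the backtrace question: reading frames from #0 toward main, the first frame in your own source (here #2, treat_file) is where to look, and the strcpy call in that function is the candidate.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for the size of gzip's ifname buffer; the message does
 * not show gzip.c, so this value is illustrative, not gzip's. */
#define MAX_PATH_LEN 1024

/* The pattern the backtrace points at: an unbounded strcpy of a user-supplied
 * name into a fixed-size buffer.  Illustrative, not gzip's own code.  With a
 * name of MAX_PATH_LEN bytes or more this writes past the end of dst, which
 * is what a 99999-character argument does.  Only safe once the caller has
 * already checked the length. */
static void set_ifname_unchecked(char *dst, const char *iname)
{
    strcpy(dst, iname);
}

/* Bounded replacement: copy only if the name and its NUL fit, otherwise leave
 * dst untouched and report failure so the caller can skip the file.  Refusing
 * beats silent truncation, which would make the program open a different
 * path than the one it was given.  Returns 0 on success, -1 if too long. */
static int set_ifname_checked(char *dst, size_t dstsz, const char *iname)
{
    size_t n = strlen(iname);

    if (n >= dstsz)
        return -1;          /* n + 1 bytes needed, only dstsz available */
    memcpy(dst, iname, n + 1);
    return 0;
}

/* Answer "would this overflow?" for a candidate name and buffer size without
 * performing the copy. */
static int would_overflow(const char *iname, size_t dstsz)
{
    return strlen(iname) >= dstsz;
}

/* Build a constructed argument like the one in the report: len 'A' bytes,
 * NUL-terminated.  Caller frees. */
static char *make_long_arg(size_t len)
{
    char *p = malloc(len + 1);

    if (p == NULL)
        return NULL;
    memset(p, 'A', len);
    p[len] = '\0';
    return p;
}

/* Run a generated name of len bytes through the checked copy into a buffer of
 * dstsz bytes and return its result: -1 rejected, 0 copied, -2 alloc failure. */
static int try_long_arg(size_t len, size_t dstsz)
{
    char *arg = make_long_arg(len);
    char *buf = malloc(dstsz);
    int rc;

    if (arg == NULL || buf == NULL) {
        free(arg);
        free(buf);
        return -2;
    }
    rc = set_ifname_checked(buf, dstsz, arg);
    free(arg);
    free(buf);
    return rc;
}

int main(void)
{
    char ifname[MAX_PATH_LEN];
    const char *short_name = "README.gz";
    char *arg;

    /* A normal file name fits, so both forms are fine with it. */
    if (set_ifname_checked(ifname, sizeof ifname, short_name) == 0)
        printf("copied: %s\n", ifname);
    set_ifname_unchecked(ifname, short_name);

    /* The report's input: 99999 bytes.  The checked copy rejects it and the
     * buffer is never written; the unchecked copy is deliberately not called
     * with it, since that is the crash in the backtrace. */
    arg = make_long_arg(99999);
    if (arg == NULL)
        return 1;
    printf("99999-byte name would overflow a %zu-byte buffer: %s\n",
           sizeof ifname, would_overflow(arg, sizeof ifname) ? "yes" : "no");
    if (set_ifname_checked(ifname, sizeof ifname, arg) != 0)
        fprintf(stderr, "gzip: %.16s...: file name too long\n", arg);
    free(arg);
    return 0;
}
```

The check compares strlen against the buffer size including the terminating NUL (n >= dstsz rejects), which is the off-by-one that a hand-written bound often gets wrong; the rejected name leaves the destination untouched so a later code path cannot act on a half-copied path.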