[python] Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability

azurIt azurit at pobox.sk
Wed Mar 14 18:18:37 CET 2007


hi all,

this just came in on bugtraq. I couldn't test it because I don't have python 2.5 installed anywhere (maybe someone else will try?). I'm sending it just for interest :)

azur


	-----Original Message-----
	From: starcadi starcadi [mailto:starcadi at gmail.com]
	To: bugtraq at securityfocus.com
	Subject: Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability
	
	
	Description:
	
	The source of Python contains various modules; the zlib module
	contains a minigzip tool (minigzip is a minimal implementation of
	the gzip utility).
	
	Source error:
	
	the error was found in:
	- void file_compress(file, mode)
	because the use of strcpy() is inappropriate
	
	--
	#define MAX_NAME_LEN 1024
	[..]
	void file_compress(file, mode)
	char  *file;
	char  *mode;
	{
	local char outfile[MAX_NAME_LEN];
	FILE  *in;
	gzFile out;
	
	strcpy(outfile, file);
	strcat(outfile, GZ_SUFFIX);
	--
	
	the function file_compress() was called by the main() function.
	
	Proof of concept:
	
	if you want to test the vulnerability, try:
	$ minigzip `perl -e "print 'A'x1050"`
	
	-- starcadi
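
Added example (not part of the original post and not taken from the zlib or Python sources): one way to build the output name with the length checked before any copy, so an over-long argument is rejected instead of overrunning `outfile`. `build_outfile_name` is a hypothetical helper and the `".gz"` value of `GZ_SUFFIX` is an assumption; `MAX_NAME_LEN` is the value quoted in the advisory.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 1024      /* value quoted in the advisory */
#define GZ_SUFFIX    ".gz"     /* assumed suffix; not defined in the excerpt */

/* Hypothetical helper: build "<file><GZ_SUFFIX>" in outfile (outsz bytes).
 * Returns 0 on success, -1 if the result, including the NUL, would not fit.
 * Nothing is written to outfile on failure. */
int build_outfile_name(const char *file, char *outfile, size_t outsz)
{
    size_t flen = strlen(file);
    size_t slen = strlen(GZ_SUFFIX);

    /* Compare without adding, so the check itself cannot wrap around. */
    if (outsz <= slen || flen >= outsz - slen)
        return -1;

    memcpy(outfile, file, flen);
    memcpy(outfile + flen, GZ_SUFFIX, slen + 1);   /* +1 copies the NUL */
    return 0;
}

int main(void)
{
    char outfile[MAX_NAME_LEN];
    char longname[1051];

    /* Constructed input: 1050 bytes, the length used in the advisory's test. */
    memset(longname, 'A', 1050);
    longname[1050] = '\0';

    printf("short name: %d\n",
           build_outfile_name("data.txt", outfile, sizeof outfile));
    printf("1050 bytes: %d\n",
           build_outfile_name(longname, outfile, sizeof outfile));
    return 0;
}
```

With a 1024-byte buffer and a 3-byte suffix, the longest accepted name is 1020 bytes; a caller such as `file_compress()` would report an error and stop when the helper returns -1.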


