From owner-freebsd-audit Fri Dec 3 13:45:54 1999
Message-ID: <84724545.944257545945.JavaMail.chenresig@karma>
Date: Fri, 3 Dec 1999 16:45:45 -0500 (EST)
From: tstromberg@rtci.com
To: freebsd-audit@freebsd.org
Subject: More binaries with overflows. (7)
Organization: Research Triangle Commerce, Inc.

I've improved the breakwidgets program a lot, so I should be getting more results now. I try now to maximize the environment space (ENV+argument overflows), so I should find a few of the trickier ones now. This should also improve the stdin overflow checks.

I still need to add a feature that says "If I've already found X overflows with this env variable, or this program, go to the next one".. that would save me time from the 100's of cores I get right now. I've experienced a few slowdowns because of regular crashes under -CURRENT, but I'll keep on chugging.

Here are a few more I found:

/usr/bin/error          arg overflow, ex: error -I [A*16384]
/usr/bin/fsplit         arg overflow in -e, ex: fsplit -e [A*16384]
/usr/bin/grops          arg overflow, ex: grops -c blah [A*16384]
/usr/bin/patch          arg overflow, ex: patch -r [A*16384]
/usr/bin/pr             arg overflow, ex: pr -s [A*16384]
/usr/bin/ypcat          arg overflow in -d, ex: ypcat -d [A*16384] blah
/usr/libexec/aout/as    stdin overflow in -I, ex: echo "[A*16384]" | as -I

I also managed to crash cc1 & cc1plus, but haven't been able to determine why.

As always, a collection of core dumps is available at http://www.afterthought.org/freebsd/cores ..
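
An added example, not part of the original message and not the breakwidgets program: a minimal Python harness for auditing your own binaries with the kind of check described above (a 16384-byte argument or stdin line, crash detection by fatal signal, and the "already found X overflows for this program, go to the next one" cap). The `@LONG@` token, the function names, the cap value and the self-crashing `SAMPLE_TARGET` are assumptions constructed for illustration.

```python
import signal
import subprocess
import sys
from collections import Counter

PAYLOAD_LEN = 16384      # matches the "[A*16384]" notation in the report
MAX_PER_PROGRAM = 2      # assumed cap: stop probing a program after this many crashes

# Constructed stand-in for a buggy binary: kills itself with SIGSEGV when its
# last argument (or, with no arguments, its stdin) is longer than 1024 bytes.
SAMPLE_TARGET = [sys.executable, "-c",
                 "import os, signal, sys\n"
                 "data = sys.argv[-1] if len(sys.argv) > 1 else sys.stdin.read()\n"
                 "if len(data) > 1024: os.kill(os.getpid(), signal.SIGSEGV)"]

def died_on_signal(argv, stdin_data=b"", timeout=10):
    """Run argv once; return the signal name if a signal killed it, else None."""
    try:
        rc = subprocess.run(argv, input=stdin_data, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL, timeout=timeout).returncode
    except (OSError, subprocess.TimeoutExpired):
        return None      # could not execute, or hung: not counted as a crash
    return signal.Signals(-rc).name if rc < 0 else None

def audit(cases, payload_len=PAYLOAD_LEN, cap=MAX_PER_PROGRAM):
    """cases: list of (argv, via_stdin). "@LONG@" in argv becomes the payload;
    when via_stdin is true the payload is written to stdin instead.
    Returns (findings, skipped); findings hold (program, argv template, signal)."""
    payload = "A" * payload_len
    hits, findings, skipped = Counter(), [], []
    for argv, via_stdin in cases:
        prog = argv[0]
        if hits[prog] >= cap:            # enough crashes recorded for this program
            skipped.append(argv)
            continue
        real = [payload if a == "@LONG@" else a for a in argv]
        sig = died_on_signal(real, (payload + "\n").encode() if via_stdin else b"")
        if sig:
            hits[prog] += 1
            findings.append((prog, argv, sig))
    return findings, skipped

if __name__ == "__main__":
    demo = [(SAMPLE_TARGET + ["-I", "@LONG@"], False), (SAMPLE_TARGET, True)]
    for prog, template, sig in audit(demo)[0]:
        print(prog, template[3:], sig)
```

A negative return code from `subprocess.run` means the child was terminated by that signal number, which is what separates a crash from an ordinary usage-error exit.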