1995-09-22 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: herbs@interlog.com (Herb Sutter)
To: cypherpunks@toad.com
Message Hash: 9ff729a910e57eade759de72205c906e7a2d41809efed231e0affce3d1ed6dc0
Message ID: <199509221341.JAA07664@gold.interlog.com>
Reply To: N/A
UTC Datetime: 1995-09-22 13:41:58 UTC
Raw Date: Fri, 22 Sep 95 06:41:58 PDT

Raw message

From: herbs@interlog.com (Herb Sutter)
Date: Fri, 22 Sep 95 06:41:58 PDT
To: cypherpunks@toad.com
Subject: Re: Another Netscape Bug (and possible security hole)
Message-ID: <199509221341.JAA07664@gold.interlog.com>
MIME-Version: 1.0
Content-Type: text/plain


At 07:33 1995.09.22 GMT, Jeff Weinstein wrote:
>In article <199509220612.CAA11441@clark.net>, rjc@clark.net (Ray Cromwell) writes:
>> I've found a Netscape bug which I suspect is a buffer overflow and
>> may have the potential for serious damage. If it is an overflow bug,
>> then it may be possible to infect every computer which accesses a web
>> page with Netscape. To see the bug, create an html file containing
>> the following:
>
>  Thanks for the report.  I will make sure that this is fixed.
>
>	--Jeff

Don't just look at this bug, though... check ALL your static buffers and
include code to check for overflow writes.  For example, if Netscape is
written in C or C++ and the above code uses strcpy(), you could change
strcpy() to strncpy() everywhere (and then set the last char to null in case
strncpy() didn't).  Your programmers will know what I mean.

Herb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Herb Sutter                 2228 Urwin, Suite 102       voice (416) 618-0184
Connected Object Solutions  Oakville ON Canada L6L 2T2    fax (905) 847-6019
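
The following is an added example, not part of the original message and not Netscape code: it shows why a strcpy()-to-strncpy() replacement also needs the explicit terminator the message mentions. The names bounded_copy, strncpy_alone_terminates, copied_length and FIELD_SIZE are hypothetical, and every src is assumed to be a NUL-terminated string.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_SIZE 16   /* constructed size for the example's static buffer */

/* Hypothetical helper: strncpy() into a fixed buffer, then force termination.
 * Returns 0 if src fit, 1 if it was truncated, -1 on bad arguments. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1);   /* writes at most dst_size - 1 bytes */
    dst[dst_size - 1] = '\0';          /* strncpy() adds no NUL if src is too long */
    return strlen(src) >= dst_size ? 1 : 0;
}

/* The gap being closed: strncpy() with n equal to the buffer size leaves the
 * buffer unterminated when src has n or more characters.
 * Returns 1 if a NUL ended up inside the buffer, 0 if not. */
int strncpy_alone_terminates(const char *src)
{
    char buf[FIELD_SIZE];
    memset(buf, 'X', sizeof buf);      /* stand-in for stale buffer contents */
    strncpy(buf, src, sizeof buf);
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* Length of what bounded_copy() stores in a FIELD_SIZE buffer. */
size_t copied_length(const char *src)
{
    char buf[FIELD_SIZE];
    if (bounded_copy(buf, sizeof buf, src) < 0)
        return 0;
    return strlen(buf);
}

int main(void)
{
    const char *too_long = "0123456789abcdefOVERFLOW";  /* constructed input */
    printf("strncpy alone terminated: %d\n", strncpy_alone_terminates(too_long));
    printf("bounded_copy stored %lu chars\n",
           (unsigned long)copied_length(too_long));
    return 0;
}
```

The return value of bounded_copy lets the caller treat truncation as an error instead of silently using a shortened string.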





