Hosting Provided By

strcpy bug

From: xenophi1e <oliver.lavery(at)sympatico.ca>
Date: Sat May 31 2003 - 20:23:24 EDT

('binary' encoding is not supported, stored as-is)

Noticed this while looking for something else. EIP is smacked with a 268 byte filename argument. Anyone know an interesting bit of software that calls LZOpenFileA or W?

.text:77EB63B6 ; ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ S U B R O U T I N E

¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦

.text:77EB63B6 

.text:77EB63B6 ; Attributes: bp-based frame

.text:77EB63B6 

.text:77EB63B6 ; INT __stdcall LZOpenFileA(LPSTR,LPOFSTRUCT,WORD)

.text:77EB63B6                 public LZOpenFileA


.text:77EB63B6 LZOpenFileA     proc near               ; CODE XREF:

LZOpenFileW+5Cp
.text:77EB63B6
.text:77EB63B6 FileName = byte ptr -104h
.text:77EB63B6 lpString2 = dword ptr 8
.text:77EB63B6 lpReOpenBuff = dword ptr 0Ch
.text:77EB63B6 arg_8 = word ptr 10h
.text:77EB63B6
.text:77EB63B6 push ebp
.text:77EB63B7 mov ebp, esp
.text:77EB63B9 sub esp, 104h
.text:77EB63BF push ebx
.text:77EB63C0 push esi
.text:77EB63C1 push edi
.text:77EB63C2 push [ebp+lpString2] ; lpString2
.text:77EB63C5 lea eax, [ebp+FileName]
.text:77EB63CB push eax ; lpString1
.text:77EB63CC call lstrcpyA

Cheers,
~x Received on Sun Jun 1 15:32:35 2003

This message: [ Message body ]
Next message: Joel Eriksson: "Re: netstrings example vulnerable"
Previous message: 3APA3A: "Windows XP SP1 gethostbyaddr() flow (Re[3]: mirc32 6.0x crash when resolving dns.)"
Reply: Dave Korn: "Re: strcpy bug"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:39 EDT