Security Audit, was Re: [crossfire] Server release?
Mitch Obrian
mikeeusaaa at yahoo.com
Sun Apr 17 11:33:50 CDT 2005
Still can steal users' pass hashes and delete all your CF data. Bad.

--- Mark Wedel <mwedel at sonic.net> wrote:
> tchize wrote:
> > I fixed this some time ago (I think). This was related to server dying on a
> > sigpipe on abrupt connection close.
> >
> > Just one note, on security.
> >
> > Every part of the code is subject to string overflows. I have seen countless
> > calls to sprintf instead of snprintf, which is inherently insecure. Some
> > parts of those calls involve data provided by client.
>
> Yes - using sprintf, strcpy, etc. are not safe.
>
> Unfortunately, some number of those calls are on data passed in, where it
> would require changing the function prototype to denote how large the buffer is.
>
> There are still a lot of calls to sprintf/strcpy in the code - fixing those is
> no small matter.
>
> On the bright side, the server requires no special privileges to run, so could
> be run in a jail/zone/chroot environment to mitigate the risks.
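The prototype change described in the quoted reply (passing the buffer size alongside the buffer), as an added example that is not part of the original thread or of the Crossfire source. The function names, format string and inputs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* "Before" shape (hypothetical, shown for contrast and never called here):
 * the callee has no idea how large `out` is, so a long client-supplied
 * name makes sprintf write past the end of the caller's buffer. */
void describe_player_unsafe(char *out, const char *name, int level)
{
    sprintf(out, "%s (level %d)", name, level);
}

/* "After" shape: the prototype carries the buffer size.
 * Returns 0 on success, -1 on error or if the text did not fit.
 * When outlen > 0, `out` is always NUL-terminated on return. */
int describe_player(char *out, size_t outlen, const char *name, int level)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;

    n = snprintf(out, outlen, "%s (level %d)", name, level);
    if (n < 0) {                 /* encoding error */
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= outlen)     /* snprintf reports the length it wanted */
        return -1;               /* truncated: caller decides what to do */
    return 0;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: one that fits exactly, one that is too long. */
    const char *names[] = { "Alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = describe_player(buf, sizeof buf, names[i], 7);
        printf("rc=%d text=\"%s\"\n", rc, buf);
    }
    return 0;
}
```

Treating truncation as an error matters here: silently truncated client data can be as surprising to later code as an overflow is to the stack.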