AW: Security Audit, was Re: [crossfire] Server release?
Michael Toennies
michtoen at daimonin.net
Sun Apr 17 14:15:12 CDT 2005
You should have in mind that there is no need to have a "total"
control over every sprintf().
The server has only very few different buffer sizes and the
code is really bugfree - the only real problem are the client->server
communication. But - all that communication has to pass the socket/command
interface. There must be the control. It must be there so or so.
Because its a good idea not only to avoid the buffer overflow but also
to find the hacked client & player - and remove him.
>
tchize wrote:
>
> I fixed this a few time ago (i think). This was related to server
>
> dying on a sigpipe on abrupt connection close.
>
>
>
> Just one note, on security.
>
> Every part of the code is subject to strings overflows. I have seen
>
> countless calls to sprintf instead of snprintf, which is inherently
>
> unsecure. Some parts of those calls involve datas provided
>
by client.
>
>
Yes - using sprintf, strcpy, etc are not safe.
>
>
Unfortunately, some number of those calls are on data
>
passed in, where it would require changing the function
>
prototype to denote how large the buffer is.
>
>
There are still a lot of calls to sprintf/strcpy in the
>
code - fixing those is no smaller matter.
>
>
On the bright side, the server requires no special
>
privileges to run, so could be run in a jail/zone/chroot
>
environment to mitigate the risks.
>
>
>
_______________________________________________
>
crossfire mailing list
>
crossfire at metalforge.org
>
http://mailman.metalforge.org/mailman/listinfo/crossfire
More information about the crossfire
mailing list