ftp.exe's bug found
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon Dec 19 17:54:00 GMT 2005
On Dec 19 18:52, saintlinu@null2root.org wrote:
> Dear list
>
> When I use ftp.exe in cygwin, connected to ftp server.
> and I just typed 'site AAAA%8x%8x%8x'
>
> then I faced a suspicious messege on the ftp server's information box
> like SITE AAAA 3212 2324 3241 414141 ...
>
> ftp.exe has format strings bug. right?
>
> I checked inetutils' source and I found
> there is no function that check arguments' validation right or not
>
> if you'll input a command like 'SITE AAAA%8x%8x%8x...%100c%n%200c%n'
> then get a file,'ftp.exe.stackdump'.
>
> please check this a little problem
Thanks, I've uploaded a new inetutils version.
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list