[axel-devel] [axel-Bugs][311178] Buffer overflow in http.c

axel-bugs at alioth.debian.org axel-bugs at alioth.debian.org
Tue Oct 14 16:36:18 UTC 2008


Bugs item #311178, was opened at 2008-10-13 21:02
Status: Closed
Priority: 5
Submitted By: Philipp Hagemeister (phihag-guest)
Assigned to: Philipp Hagemeister (phihag-guest)
Summary: Buffer overflow in http.c 


Initial Comment:
In http.c (about line 236, function http_encode), Axel copies an input array of size <=MAX_STRING to one of size MAX_STRING, but translates some characters to multi-byte ones, leading to a buffer overflow that can be exploited by overly long URLs containing spaces. This allows any contacted HTTP server to execute arbitrary code on a system running Axel.

The attached patch fixes the problem.



----------------------------------------------------------------------

>Comment By: Philipp Hagemeister (phihag-guest)
Date: 2008-10-14 16:36

Message:
I am sorry, the above vulnerability description is wrong. The vulnerability can NOT be exploited by a remote server since version 1.1.

----------------------------------------------------------------------

Comment By: Philipp Hagemeister (phihag-guest)
Date: 2008-10-13 21:38

Message:
Fixed in r54 and v2.2.

----------------------------------------------------------------------

You can respond by visiting: 
http://alioth.debian.org/tracker/?func=detail&atid=413085&aid=311178&group_id=100070



More information about the axel-devel mailing list