[axel-devel] [axel-Bugs][311178] Buffer overflow in http.c
axel-bugs at alioth.debian.org
axel-bugs at alioth.debian.org
Tue Oct 14 16:39:59 UTC 2008
Bugs item #311178, was opened at 2008-10-13 21:02
Status: Closed
Priority: 5
Submitted By: Philipp Hagemeister (phihag-guest)
Assigned to: Philipp Hagemeister (phihag-guest)
Summary: Buffer overflow in http.c
Initial Comment:
In http.c (about line 236, function http_encode), Axel copies an input array of size <=MAX_STRING to one of size MAX_STRING, but translates some characters to multi-byte ones, leading to a buffer overflow that can be exploited by overly long URLs containing spaces. This allows any contacted HTTP server to execute arbitrary code on a system running Axel.
The attached patch fixes the problem.
----------------------------------------------------------------------
>Comment By: Philipp Hagemeister (phihag-guest)
Date: 2008-10-14 16:39
Message:
Sorry, yet another correction: Versions <1.1 are not affected either by overly long redirects. Therefore, this vulnerability can NOT be exploited from a remote host.
----------------------------------------------------------------------
Comment By: Philipp Hagemeister (phihag-guest)
Date: 2008-10-14 16:36
Message:
I am sorry, the above vulnerability description is wrong. The vulnerability can NOT be exploited by a remote server since version 1.1.
----------------------------------------------------------------------
Comment By: Philipp Hagemeister (phihag-guest)
Date: 2008-10-13 21:38
Message:
Fixed in r54 and v2.2.
----------------------------------------------------------------------
You can respond by visiting:
http://alioth.debian.org/tracker/?func=detail&atid=413085&aid=311178&group_id=100070
More information about the axel-devel
mailing list