InfoSect's Month of Pointless Bugs (#24)

InfoSect, Canberra's hackerspace, regularly runs public group sessions to perform code review and vulnerability discovery. Over the next 30 days, I'll highlight the source code of 30 unknown vulnerabilities.

Bug #24

In the omega-rpg game:

void player_dump( void )
{
  FILE *dumpfile;
  char dump_name[ 32 ];
        
  /* build player dump file name as "charactername.txt" */
  strncpy( dump_name, Player.name, 27 );

  strcat( dump_name, ".txt" );


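strncpy is not guaranteed to NUL-terminate the destination: if Player.name is 27 characters or longer, dump_name is left without a terminator. This might lead to a buffer overflow in the subsequent strcat, which searches for the end of the string before appending ".txt".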
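An added example, not code from omega-rpg or from the original post: two ways to build the dump file name safely. The function names and `DUMP_NAME_LEN` are hypothetical; the first rejects names that do not fit, the second keeps the original 27-byte truncation but terminates the buffer before `strcat`.

```c
#include <stdio.h>
#include <string.h>

#define DUMP_NAME_LEN 32  /* size of dump_name[] in the excerpt */

/* Hypothetical helper, not from omega-rpg: write "<name>.txt" into out.
   Returns 0 on success, -1 if it would not fit (out is set to ""). */
int build_dump_name(char *out, size_t outsz, const char *name)
{
    int n;

    if (out == NULL || outsz == 0 || name == NULL)
        return -1;
    /* snprintf always NUL-terminates (outsz > 0) and returns the length it
       needed, so truncation is detected instead of silently accepted. */
    n = snprintf(out, outsz, "%s.txt", name);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Minimal repair of the original pattern (hypothetical name): keep the
   27-byte truncation but terminate before strcat runs. */
void build_dump_name_truncating(char out[DUMP_NAME_LEN], const char *name)
{
    strncpy(out, name, 27);
    out[27] = '\0';       /* strncpy leaves this unset when strlen(name) >= 27 */
    strcat(out, ".txt");  /* worst case 27 + 4 + NUL = 32 bytes: fits exactly */
}

int main(void)
{
    char buf[DUMP_NAME_LEN];
    char long_name[31];   /* constructed sample: 30 'A' characters */

    memset(long_name, 'A', 30);
    long_name[30] = '\0';
    printf("short: %d\n", build_dump_name(buf, sizeof buf, "Conan"));
    printf("long:  %d\n", build_dump_name(buf, sizeof buf, long_name));
    build_dump_name_truncating(buf, long_name);
    printf("truncated: %s (%zu chars)\n", buf, strlen(buf));
    return 0;
}
```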
