unmass Buffer Overflow

unmass is a package in Linux (e.g., Ubunut) to "ëxtract game archive files"
        void FillListSorted( e_sort sorttype );

        CWndSize        SizeCtrls;

        char    ProgramPath[ 512 ], TempDir[ 512 ]; // no end slashes

        int             NoExtInCombo;

        int             ArchiveOpened;

};

Ok.. so ProgramPath and TempDir are both 512 bytes.
BOOL CUnmasswDlg::OnInitDialog()
{
        CDialog::OnInitDialog();

        icon = LoadIcon( AfxGetInstanceHandle(), MAKEINTRESOURCE( IDR_MAINFRAME 
) );
        SetIcon( icon, true );          // Set big icon
        SetIcon( icon, false );         // Set small icon


        ArchiveOpened = 0;

        int             i;

        GetModuleFileName( NULL, ProgramPath, 512 );
        i = strlen( ProgramPath ) - 1;
        while (( ProgramPath[ i ] != '\\' ) && ( ProgramPath[ i ] != '/' ))
                i--;
        ProgramPath[ i ] = 0;

        strcpy( TempDir, ProgramPath );
        strcat( TempDir, "\\TEMP" );

TempDir can have more than 512 bytes written to it. A simple buffer overflow.

Popular posts from this blog

Empowering Women in Cybersecurity: InfoSect's 2024 Training Initiative

C++ Memory Corruption (std::string) - part 4

Pointer Compression in V8