#2 segfaults with chains > 20 hops

closed-fixed
nobody
None
5
2001-12-12
2001-11-02
No

Mixmaster segfaults if it encounters a request for
chaining to a chain longer than 20 hops. This
problem can be exploited locally by using the
commandline or remote by (ab)using the chain
header. Giving remote attackers the ability to crash
a program is a secutity risk.

Example on the Commandline:

$ ./mix -d -l *,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*
Mixmaster 2.9beta31 - Copyright Anonymizer Inc.
Chain:
freaky,rot26,lcs,farout,paranoia,green,freaky,disjoin
t,segfault,randseed,lcs,fre
aky,randseed,marquis,dizum,squirrel,lsd,frog2,har
mless,tonga

$ ./mix -d -l *,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*
Mixmaster 2.9beta31 - Copyright Anonymizer Inc.
Segmentation fault

Originally submitted by drt@un.bewaff.net -
http://c0re.jp/ with attached (and broken) patch.

Affected file is Src/chain.c

Discussion

  • Len Sassaman

    Len Sassaman - 2001-12-12

    Logged In: YES
    user_id=29569

    Fixed.

     
  • Len Sassaman

    Len Sassaman - 2001-12-12
    • status: open --> closed-fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks