RE: buffer overflow on zsh-3.1.9

["Jonel Rienton" <nelski@xxxxxxxxxxxxxxxx>]

doesn't this constitute for a malicious user to bring down your system in a
multi environment box?

Jonel Rienton
----------------------------------------------
http://qmail.freebsduser.org/qmail.html
This email is sent by qmail-1.03 on a
FreeBSD 4.1-STABLE box

-----Original Message-----
From: Bart Schaefer [mailto:schaefer@xxxxxxxxxxxxxxxxxxxxxxx]
Sent: Monday, August 14, 2000 1:38 PM
To: Jonel Rienton; zsh-workers@xxxxxxxxxxxxxx
Subject: Re: buffer overflow on zsh-3.1.9


On Aug 14,  1:34pm, Jonel Rienton wrote:
} Subject: buffer overflow on zsh-3.1.9

It's not a buffer overflow.

} 1. hold down the alt key
} 2. while holding alt key press 9 six times

You've just told zsh that you want it to repeat the next command 999999
times.

} 3 release both keys, hit any letter or number

The next command is to insert that character.  Zsh faithfully attempts to
insert one character 999999 times.  Every 256 or so insertions it allocates
a larger buffer; eventually your system runs out of memory and zsh gives
up and crashes.

The buffer didn't overflow -- that is, I doubt zsh wrote any bytes beyond
the bounds of any buffer it succeeded in allocating.

We *could* put some sort of arbitrary limit on the maximum numeric prefix
argument, to prevent large repetitions like this, but this is clearly a
case of pilot error rather than programming error.

--
Bart Schaefer                                 Brass Lantern Enterprises
http://www.well.com/user/barts              http://www.brasslantern.com

Zsh: http://www.zsh.org | PHPerl Project: http://phperl.sourceforge.net