
2001-Jan-23

Checked for more buffer overflows using a long command-line argument (as described previously in 18/Jan/2001) under /usr/sbin, /usr/local/bin, /usr/local/sbin. I didn't find anything except my own "mailout" SMTP program (I knew it had bugs!). I also did the same in /usr/X11R6/bin, but it was hard to tell. For a while my screen, keyboard and mouse clicks locked up (mouse could still move); but from a remote login I continued the work. When I killed my testing off, my mouse, display and keyboard were usable again. I received segmentation faults in loadshlib and gnomecc (several times); but loadshlib also seg faulted without any arguments and I couldn't reproduce the gnomecc with it directly (must have been some other program calling it?).

I also did the same test, but with two 99999-character arguments in /bin and /sbin. No seg faults found.
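
The long-argument check described in this entry, written out as an added example; it is not the author's own script, and the 18/Jan/2001 procedure it refers to is not shown on this page. The function names, the `SEGV`/`HANG` labels and the use of GNU coreutils `timeout` (to bound programs that hang, as the X11 ones did) are assumptions.

```shell
#!/bin/sh
# Run every executable in a directory with very long arguments and report
# the ones that die with SIGSEGV. Defaults mirror the 99999-character test.
ARG_LEN=${ARG_LEN:-99999}     # characters per argument
ARG_COUNT=${ARG_COUNT:-1}     # how many long arguments to pass
TIME_LIMIT=${TIME_LIMIT:-5}   # seconds before a hung program is killed

long_arg() {
    # Emit $1 'A' characters without looping once per character.
    printf '%*s' "$1" '' | tr ' ' 'A'
}

scan_dir() (
    # Subshell body: variables and positional parameters stay local.
    dir=$1
    arg=$(long_arg "$ARG_LEN")
    ulimit -c 0 2>/dev/null || true   # do not litter the disk with core files
    set --
    i=0
    while [ "$i" -lt "$ARG_COUNT" ]; do
        set -- "$@" "$arg"
        i=$((i + 1))
    done
    for prog in "$dir"/*; do
        [ -f "$prog" ] && [ -x "$prog" ] || continue
        status=0
        # stdin from /dev/null so interactive programs cannot wait for input
        timeout -s KILL "$TIME_LIMIT" "$prog" "$@" \
            </dev/null >/dev/null 2>&1 || status=$?
        if [ "$status" -eq 139 ]; then
            # 139 = 128 + 11: the program was killed by SIGSEGV
            echo "SEGV $prog"
        elif [ "$status" -eq 137 ]; then
            # 137 = 128 + 9: SIGKILL, which is what timeout sends at the limit
            echo "HANG $prog"
        fi
    done
)
```

Calling `scan_dir /usr/local/bin` prints one line per program that crashed or hung; set `ARG_COUNT=2` for the two-argument variant. A reported crash still needs the cross-check the entry makes for loadshlib: run the program with no arguments to see whether the long argument is actually the cause.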