[nas] nas: Multiple Vulnerabilities in nas 1.9.3
Erik Auerswald
auerswal at unix-ag.uni-kl.de
Thu Aug 15 09:07:57 MDT 2013
Hi,
On Thu, Aug 15, 2013 at 03:04:32PM +0200, Erik Auerswald wrote:
> On Thu, Aug 15, 2013 at 01:07:20PM +0200, Erik Auerswald wrote:
> > On Thu, Aug 15, 2013 at 09:27:53AM +0430, Hamid Zamani wrote:
> > > On 08/15/2013 03:07 AM, Erik Auerswald wrote:
> > > [...]
> > > just a issue is in my mind and it is about 'AuServerHostName'. It's
> > > correct that almost all of string calls fixed right now but i think for
> > > later use it would be better to think about checking this or use a
> > > limitation about it. What do you think ?
> >
> > [...]
> > It was easier to just mechanically add range checks, than to understand
> > and check for what constitutes a correct value for AUDIOHOST. ;-)
>
> The code in question is used on Amoeba (http://www.cs.vu.nl/pub/amoeba/)
> only. As far as I understand the code it will not work without the
> AUDIOHOST environment variable, because AuServerHostName is not set
> anywhere else. The AuServerHostName variable is used on Amoeba only.
>
> Unless somebody comes up with a patch or a good description of how to check
> this variable, I suggest leaving this code as is.
Interestingly, the current code uses two slightly different formats:
connection.c: snprintf(host, sizeof host, "%s/%s:%s", DEF_AUSVRDIR, AuServerHostName,
connection.c- 0 /* port */ );
iopreader.c: snprintf(host, sizeof host, "%s/%s/%s", HOST_DIR, AuServerHostName,
iopreader.c- DEF_IOPSVRNAME);
Both use AuServerHostName as middle portion, but different separators for
the last part of 'host'.
Any Amoeba developers or users around that could shed some light on this?
;-)
Cheers,
Erik
More information about the nas
mailing list