afmartin / CMPT361-Spycomm


Buffer Overflow Attack Susceptibility #1

Open Shibbywan opened 7 years ago

Shibbywan commented 7 years ago

Went for an interview and they pointed out a security exploit in our system.

In struct _fileInfo on line 63, it contains the following member:

long long int fileLen;

The file length should never be negative so it shouldn't be signed. If the user passes a negative number, it will be interpreted as a REALLY big integer. On line 624 we receive all and just accept whatever we get. Which can lead to overwriting our packet buffer and bad things happen.

Changing the long long int to an unsigned would cause line 273 to create a compile warning:

info->fileLen = atoll(temp);

So we'd need a substitute for atoll.

Just wanted to point this out in case any of you guys put Spycomm on your resume.
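One possible substitute for the atoll() call raised in the comment above, as an added example that is not code from the Spycomm repository: it parses the length into an unsigned 64-bit value, rejects signed, malformed and oversized input, and clamps each receive to the buffer size. The names parse_file_len, next_chunk and MAX_FILE_LEN are hypothetical, and the length field is assumed to arrive as a NUL-terminated decimal string.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical cap on an accepted transfer; not a value from Spycomm. */
#define MAX_FILE_LEN (1ULL << 32)

/* Parse a decimal length field. Returns 0 and stores the value on success,
 * -1 on any malformed, signed, or out-of-range input. */
int parse_file_len(const char *s, uint64_t *out)
{
    char *end;
    unsigned long long v;

    if (s == NULL || out == NULL)
        return -1;
    /* strtoull() skips leading whitespace and accepts a sign, silently
     * negating "-1" into ULLONG_MAX, so require the first byte to be a
     * digit before calling it. This also rejects the empty string. */
    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    v = strtoull(s, &end, 10);
    if (errno == ERANGE)      /* more digits than fit in 64 bits */
        return -1;
    if (*end != '\0')         /* trailing garbage such as "12abc" */
        return -1;
    if (v > MAX_FILE_LEN)     /* policy limit, independent of type width */
        return -1;
    *out = (uint64_t)v;
    return 0;
}

/* Number of bytes to request from the next recv() call: never more than
 * the packet buffer holds, never more than the sender still owes. */
size_t next_chunk(uint64_t remaining, size_t buf_size)
{
    return remaining < buf_size ? (size_t)remaining : buf_size;
}
```

Switching the member to an unsigned type alone does not reject a leading minus sign, which is why the parser checks the first byte itself.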

reboss commented 7 years ago

Well I won't be using it for a security interview that's for sure lol.

Thanks though, that's pretty useful info.

On Apr 25, 2017 14:06, "Kevin Saforo" notifications@github.com wrote:
