mach-kernel / cadius

A maintained fork of BrutalDeluxe's Cadius ProDOS disk imaging utility (used for making Apple II disk images).
GNU General Public License v3.0

Buffer overflow in Main.c #12

Closed prodigysml closed 6 years ago

prodigysml commented 6 years ago

A buffer overflow was detected in Main.c. The local_buffer variable takes the value of argv[4] without any bounds checking, which causes the issue.

The assignment of the user-controlled variable is given below: https://github.com/mach-kernel/cadius/blob/a9dd04a61f32ab220ee2f710bc9b7777a52e2579/Src/Main.c#L897

A screenshot of the crash is given below: image

mach-kernel commented 6 years ago

Hi @ProDigySML, thanks for the bug report. I'll plug this into my next batch of fixes. I must say that I am surprised to see someone using this tool in this manner.

Thanks!

mach-kernel commented 6 years ago

```
$ ./cadius CREATEVOLUME abc abc `python2 -c 'print "A" * 296 + "BBBBBB"'`                                                                                                             2.4.0
./cadius v 1.3.1, (c) Brutal Deluxe 2011-2013.
  Error: Argument too long!
```

This is fixed and will ship with #13. I feel that this is kind of contrived, but at the very least it may prevent someone from potentially messing up their local disk images. :+1:
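
The class of fix discussed in this thread, rejecting an oversized argument before it is copied into a fixed-size stack buffer, sketched as an added example; this is not code from cadius or from the fix in #13. The buffer size of 256 and the helper names `copy_arg_checked` and `first_oversized_arg` are assumptions made for illustration; only the name `local_buffer`, the use of `argv[4]`, and the error text come from the page.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the real size of local_buffer is not shown on the page. */
#define LOCAL_BUFFER_SIZE 256

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 on NULL input or oversize (dst is left as an empty string). */
int copy_arg_checked(char *dst, size_t dst_size, const char *src)
{
    const char *nul;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    nul = memchr(src, '\0', dst_size);  /* looks at no more than dst_size bytes */
    if (nul == NULL)                     /* no terminator in range: src does not fit */
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);
    return 0;
}

/* Check every argument up front so that no later copy can overflow.
 * Returns the index of the first argument that does not fit, or 0 if all fit. */
int first_oversized_arg(int argc, char *argv[], size_t limit)
{
    for (int i = 1; i < argc; i++)
        if (memchr(argv[i], '\0', limit) == NULL)
            return i;
    return 0;
}

int main(int argc, char *argv[])
{
    char local_buffer[LOCAL_BUFFER_SIZE];

    if (first_oversized_arg(argc, argv, sizeof(local_buffer)) != 0) {
        fprintf(stderr, "  Error: Argument too long!\n");
        return 1;
    }
    if (argc > 4 && copy_arg_checked(local_buffer, sizeof(local_buffer), argv[4]) == 0)
        printf("argv[4] accepted: %s\n", local_buffer);
    return 0;
}
```

Building with `-fsanitize=address` during development catches any remaining unchecked copy of this kind at the point of the write.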