mach-kernel/cadius

Buffer overflow in Main.c

prodigysml opened this issue · 2 comments

A buffer overflow was detected in Main.c. The local_buffer variable takes the value of argv[4] without any bounds checking, which causes the issue.

The assignment of the user-controlled variable is given below:

strcpy(local_buffer,argv[4]);

A screenshot of the crash is given below:
[image: screenshot of the crash]

Hi @prodigysml, thanks for the bug report. I'll plug this into my next batch of fixes. I must say that I am surprised to see someone using this tool in this manner.

Thanks!

$ ./cadius CREATEVOLUME abc abc `python2 -c 'print "A" * 296 + "BBBBBB"'`                                                                                                             2.4.0
./cadius v 1.3.1, (c) Brutal Deluxe 2011-2013.
  Error: Argument too long!

This is fixed and will ship with #13. I feel that this is kind of contrived, but at the very least it may prevent someone from potentially messing up their local disk images. 👍
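The length check that the "Argument too long!" output above implies, written out as an added example; this is not the cadius patch itself, which is not shown on this page. The helper name `copy_arg_checked` and the 256-byte `LOCAL_BUFFER_SIZE` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size: the real size of local_buffer in Main.c is not shown on the page. */
#define LOCAL_BUFFER_SIZE 256

/* Hypothetical helper: copy src into dst only when it fits, NUL included.
 * Returns 0 on success, -1 when src is NULL or too long. On failure dst
 * holds an empty string, so later code never sees a truncated argument. */
static int copy_arg_checked(char *dst, size_t dst_size, const char *src)
{
    size_t len;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;

    len = strlen(src);              /* argv strings are always NUL-terminated */
    if (len >= dst_size)            /* no room left for the terminator: reject */
        return -1;

    memcpy(dst, src, len + 1);      /* length already validated, copy with NUL */
    return 0;
}

int main(int argc, char *argv[])
{
    char local_buffer[LOCAL_BUFFER_SIZE];

    if (argc < 5) {
        fprintf(stderr, "  Error: missing argument\n");
        return 1;
    }

    /* Before: strcpy(local_buffer, argv[4]); wrote past the buffer for long input. */
    if (copy_arg_checked(local_buffer, sizeof local_buffer, argv[4]) != 0) {
        fprintf(stderr, "  Error: Argument too long!\n");
        return 1;
    }

    printf("argument accepted (%lu bytes)\n", (unsigned long)strlen(local_buffer));
    return 0;
}
```

Rejecting the argument, rather than truncating it with `strncpy`, avoids silently acting on a shortened value.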