Audit of 04af5c7 - Buffer Overflow: sprintf
4.1. Buffer Overflow: sprintf
4.1.1. File 1.2.43
220.127.116.11. The code in this file executes with elevate permissions.
18.104.22.168. The DoTrueCryptShortcutsUninstall function uses szTmp2 string to hold computed paths. The input to sprintf are strings which can be longer than the destination, e.g. ‘sprintf (szTmp2, "%s%s", szLinkDir, "\\TrueCrypt.lnk")’.
22.214.171.124. If the application does not crash from the execution of the sprintf, the modified memory is then passed into system calls, e.g. ‘StatDeleteFile (szTmp2)’.
#1 Updated by Jason Pyeron almost 5 years ago
- Status changed from New to Resolved
[pyeron-issues.ciphershed.org-27 b42e525] resolves https://issues.ciphershed.org/issues/27
2 files changed, 36 insertions(+), 34 deletions(-)
$ git log -1
Author: Jason Pyeron <firstname.lastname@example.org>
Date: Fri Dec 19 09:25:19 2014 -0500
fix other sprintf calls found along the way. There are still many more calls to sprintf and wsprintf in the source as a whole.