Summary
Activity
Tracker
Lists
News
Files

[#311178] Buffer overflow in http.c

View Trackers | Bugs | Download .csv | Submit New | Monitor

Date:
2008-10-13 21:02		 Priority:
5
State:
Closed
Submitted by:
Philipp Hagemeister (phihag-guest) 		Assigned to:
Philipp Hagemeister (phihag-guest)
Summary:
Buffer overflow in http.c

Detailed description
In http.c (about line 236, function http_encode), Axel copies an input array of size <=MAX_STRING to one of size MAX_STRING, but translates some characters to multi-byte ones, leading to a buffer overflow that can be exploited by overly long URLs containing spaces. This allows any contacted HTTP server to execute arbitrary code on a system running Axel.

The attached patch fixes the problem.

Add A Comment: Notepad

Followup

Message
Date: 2008-10-14 16:39
Sender: Philipp Hagemeister

Sorry, yet another correction: Versions <1.1 are not affected either by overly long redirects. Therefore, this vulnerability can NOT be exploited from a remote host.
Date: 2008-10-14 16:36
Sender: Philipp Hagemeister

I am sorry, the above vulnerability description is wrong. The vulnerability can NOT be exploited by a remote server since version 1.1.
Date: 2008-10-13 21:38
Sender: Philipp Hagemeister

Fixed in r54 and v2.2.

Attached Files:

Attachments:
axel-2.2-buffer-overflow.patch

Changes:

Field Old Value Date By
close_date2008-10-14 16:392008-10-14 16:39phihag-guest
close_date2008-10-14 16:362008-10-14 16:36phihag-guest
status_idOpen2008-10-13 21:38phihag-guest
close_date2008-10-13 21:382008-10-13 21:38phihag-guest
File Added2883: axel-2.2-buffer-overflow.patch2008-10-13 21:02phihag-guest
Powered By FusionForge
Show source