search for: xmcd_cddbpath

...ons), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses out path names from it, dynamically allocating memory for each pathname as it is parsed. The cd_init() functions, which calls cddb_init(), then uses the structure with the dynamically allocated path string and copies it into a fixed length buffer with: sprintf(str, " %s", pa...

...), a popular audio cd player for numerous unix platforms, which allow a user defined environment variable to overflow a fixed size buffer resulting in a complete compromise of system security on machines with XMCD installed suid root. The cddb_init() function reads in the environment variable XMCD_CDDBPATH, and parses out path names from it, dynamically allocating memory for each pathname as it is parsed. The cd_init() functions, which calls cddb_init(), then uses the structure with the dynamically allocated path string and copies it into a fixed length buffer with: sprintf(str, " %s", pa...