BOF in doproxyconnect function
H4niz opened this issue · comments
I found a BOF in the doproxyconnect() function:
```c
#include <stdio.h>

extern char *connect_str; /* proxy CONNECT target, set elsewhere in redir */

void doproxyconnect(int socket)
{
    int x;
    char buf[128];

    /* write CONNECT string to proxy */
    /* no bound check: connect_str is copied into the 128-byte stack buffer
     * unconditionally, so a longer string overflows buf */
    sprintf((char *)&buf, "CONNECT %s HTTP/1.0\n\n", connect_str);
    ...
}
```
We should use snprintf() instead of sprintf().
More:
```
0x555555558912 <client_accept+594>    call   doproxyconnect <0x555555558370>
        rdi: 0x6
In file: /home/h4niz/Downloads/redir-master/redir.c
   868     if (connect_str)
 ► 869         doproxyconnect(sd);
pwndbg> ni
*** stack smashing detected ***: terminated
```
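A bounded version of that formatting step, as an added example (not code from redir or from the issue author), assuming the same 128-byte buffer and the same format string; the function names are hypothetical:

```c
#include <stdio.h>
#include <string.h>

/* Formats the CONNECT line into a fixed-size buffer with snprintf().
 * Returns the number of bytes written (excluding the NUL), or -1 when the
 * line would not fit; a truncated request line is refused instead of sent. */
int format_connect_request(char *buf, size_t buflen, const char *connect_str)
{
    int n = snprintf(buf, buflen, "CONNECT %s HTTP/1.0\n\n", connect_str);
    if (n < 0 || (size_t)n >= buflen)
        return -1; /* output was truncated: caller must not use buf */
    return n;
}

/* Mirrors the original's 128-byte stack buffer so the limit is visible:
 * "CONNECT " (8) + " HTTP/1.0\n\n" (11) + NUL leaves room for 108 bytes
 * of connect_str. */
int try_connect_line(const char *connect_str)
{
    char buf[128];
    return format_connect_request(buf, sizeof buf, connect_str);
}

/* Constructed input: a hostname of host_len 'a' characters, so the
 * behaviour on either side of the 108-byte boundary can be checked. */
int demo_for_length(size_t host_len)
{
    char host[512];
    if (host_len >= sizeof host)
        return -2;
    memset(host, 'a', host_len);
    host[host_len] = '\0';
    return try_connect_line(host);
}

int main(void)
{
    printf("10 bytes  -> %d\n", demo_for_length(10));  /* 29  */
    printf("108 bytes -> %d\n", demo_for_length(108)); /* 127 */
    printf("109 bytes -> %d\n", demo_for_length(109)); /* -1  */
    return 0;
}
```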
Great, would you like to do a pull request?