
1/04/2007

MoAB (Month of Apple Bugs)

Month of Apple Bugs kicks off
Application Enhancer (APE)
the Month of Kernel Bugs (MoKB) archive
1. MOAB-01-01-2007: Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
2. MOAB-02-01-2007: VLC Media Player udp:// Format String Vulnerability

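Both are much the same: an overly long URL causes a buffer overflow. The fix below, by an expert, uses Application Enhancer.
It checks the URL's length; if it is too long, it swaps in a different, safe URL and then passes that to the original handler.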

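#include <stdint.h>

/* RTSP_MAXLENGTH, apeprintf and orig_INet_ParseURLServer come from the rest of the patch, which this post does not show. */
static const char safeURL[] = "http://rtsp.example.com/example.mov";

void *guard_INet_ParseURLServer(char *url, uint32_t length) {
    /* Overlong URL: log it and hand the original handler a harmless URL instead. */
    if (length > RTSP_MAXLENGTH) {
        apeprintf("Someone probably just attempted to exploit CVE-2007-0015, url=%s\n", url);
        return orig_INet_ParseURLServer((char *) safeURL, sizeof(safeURL)-1);
    }

    return orig_INet_ParseURLServer(url, length);
}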
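
The same length-check-and-substitute guard as a self-contained C program, added here as an illustration and not part of the original patch or of Application Enhancer: `stub_ParseURLServer`, `log_preview`, the `blocked` counter and the `RTSP_MAXLENGTH` value of 256 are assumptions. It goes slightly beyond the snippet by also rejecting a NULL pointer and by logging only a short, printable-only preview of the rejected URL rather than the whole untrusted string.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTSP_MAXLENGTH 256u  /* assumed limit; the post does not give the real value */

static const char safeURL[] = "http://rtsp.example.com/example.mov";
static char last_seen[RTSP_MAXLENGTH + 1];  /* what the stand-in handler received */
static unsigned blocked;                    /* number of URLs that were substituted */

/* Stand-in for the original handler (hypothetical): records its input.
   It trusts `length`, which is exactly what the guard has to enforce. */
static void *stub_ParseURLServer(char *url, uint32_t length) {
    memcpy(last_seen, url, length);
    last_seen[length] = '\0';
    return last_seen;
}
static void *(*orig_ParseURLServer)(char *, uint32_t) = stub_ParseURLServer;

/* Copy at most dstsz-1 bytes of url into dst, replacing non-printable
   bytes so the log line cannot be split or carry control characters. */
static void log_preview(char *dst, size_t dstsz, const char *url, uint32_t length) {
    size_t n = length < dstsz - 1 ? length : dstsz - 1;
    for (size_t i = 0; i < n; i++)
        dst[i] = (url[i] >= 0x20 && url[i] < 0x7f) ? url[i] : '?';
    dst[n] = '\0';
}

void *guard_ParseURLServer(char *url, uint32_t length) {
    if (url == NULL || length > RTSP_MAXLENGTH) {
        char preview[65] = "(null)";
        if (url != NULL)
            log_preview(preview, sizeof preview, url, length);
        fprintf(stderr, "oversized rtsp url (%u bytes), starts: %s\n",
                (unsigned)length, preview);
        blocked++;
        return orig_ParseURLServer((char *)safeURL, sizeof(safeURL) - 1);
    }
    return orig_ParseURLServer(url, length);
}

int main(void) {
    char big[1024];
    memset(big, 'A', sizeof big);  /* constructed oversized input */
    guard_ParseURLServer(big, sizeof big);
    printf("handler saw: %s (blocked=%u)\n", last_seen, blocked);
    return 0;
}
```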
