KiTTY
kitty.c buffer overflow
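kitty.c buffer overflow - suggest title[1024 + 15], assuming GetWindowText promises to end with a NUL.
buffer can hold up to 1023 characters of window title, and sprintf then writes the fixed text of the format string around it, so the result does not fit in title[1024]. The 15 is the length reported by the test program below.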
int ManageLocalCmd( HWND hwnd, const char * cmd ) {
char buffer[1024] = "", title[1024] = "" ;
⋮
} else if( (cmd[0]=='t')&&(cmd[1]=='i')&&(cmd[2]=='\0') ) { // __ti: Recuperation du titre de la fenetres
GetWindowText( hwnd, buffer, 1024 ) ;
sprintf( title, "printf \"\\033]0;%s\\007\"\n", buffer ) ;
SendStrToTerminal( title, strlen(title) ) ;
return 1 ;
bash$
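# Measure how many bytes the format string adds around the window title.
# The here-document delimiter is quoted so the shell passes the C source to
# cc unchanged. Unquoted (<<.), the shell turns each \\ into \ before cc reads
# it, so the program compiled is not the string used in kitty.c: \033 and \007
# become single ESC and BEL bytes instead of four characters each. The
# "$? = 15" recorded on this page came from that unquoted form; the literal as
# written in kitty.c gives 21, so title needs at least 1024 + 21 bytes.
# Using snprintf( title, sizeof title, ... ) in kitty.c would bound the write
# regardless of this count.
(cd /tmp && cc -xc - && (./a.out; echo \$? = $?)) <<'.'
#include <stdio.h>
#include <string.h>
int main () {
char buffer[1024] = "", title[1024] = "" ;
sprintf( title, "printf \"\\033]0;%s\\007\"\n", buffer ) ;
return strlen( title ) ;
}
.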
$? = 15