HC's Capture the Flag website
CTF Contests
25C3-CTF

25C3-CTF final results

Advisory #66

From team Ailuropoda Melanoleucas

New advisory by : Samsa
Affected service(s): vdspi
Severity [lmh] : low

===== Problem =====

ID search via menu 1 -> 3 does not supports letters,
throws an unhandled exception

===== Impact =====

The service crashes

===== Fix =====

--- vdspi.old/ui-subject_menu.adb 2008-12-29 13:27:06.000000000 -0600
+++ vdspi/ui-subject_menu.adb 2008-12-29 15:46:53.000000000 -0600
@@ -1,3 +1,5 @@
+with Ada.IO_Exceptions;
+
separate (UI)
procedure Subject_Menu (db : in out PersonDB.Person_DB) is
menu : constant String :=
@@ -71,6 +73,9 @@
if n = 0 then
Put_Line (mark & "not found");
end if;
+ exception
+ when Ada.IO_Exceptions.Data_Error =>
+ Put("Invalid ID.");
end;
when others =>
Put_Line (mark & "no");

Rating

[1] ok.

Go back

---

Impressum