Conversation

Notices

    Harry Sintonen (harrysintonen@infosec.exchange)'s status on Monday, 24-Feb-2025 03:53:20 JST

    #curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot?

    If you build it on a modern system and want to try exploiting it in true 90s fashion, be sure to turn off address space layout randomisation (ASLR).

    https://github.com/curl/httpget/blob/master/httpget-0.2.c

    #infosec #cybersecurity

    In conversation about 3 months ago from infosec.exchange

      Harry Sintonen (harrysintonen@infosec.exchange)'s status on Monday, 24-Feb-2025 03:53:20 JST, in reply to the notice above

      The httpget 0.2 doesn't quite work in the form it was uploaded.

      First, it uses hardcoded argv and argc instead of getting them from the app invocation (as args in main; the code uses void main).

      Second, obtaining any data from the socket will result in the app stopping and leaving behind an empty file (if (nread) break;).

      This program could never download anything. It is likely some work in progress or modified test version of httpget.

      So while the code has a local stack buffer overflow it can't be triggered for this early version.

      In conversation about 3 months ago
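The read-loop defect described in the reply above, shown as an added example that is not httpget's own code. Only the loop test `if (nread) break;` is taken from the post; the surrounding program is constructed here, with a pipe standing in for the TCP socket and a made-up 25-byte response as input. The buggy loop stores nothing because the first chunk of data ends the transfer, while the corrected loop stops on EOF or error, keeps every chunk, and never writes past the destination buffer.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CHUNK 64        /* read() chunk size; small so a payload can span several reads */
#define MAX_ITER 1000   /* demo guard: the buggy loop never exits on EOF, so cap it */

/* Loop shape taken from the post: `if (nread) break;`. The first successful
 * read (any non-zero count, including a -1 error) ends the loop before a
 * single byte is stored, which is why the output file stays empty. */
static size_t copy_buggy(int fd, char *out, size_t outcap)
{
    char buf[CHUNK];
    size_t total = 0;
    for (int iter = 0; iter < MAX_ITER; iter++) {
        ssize_t nread = read(fd, buf, sizeof buf);
        if (nread) break;                 /* bug: data or error ends the transfer */
        /* only reached with nread == 0 (EOF), so nothing is ever copied */
        size_t n = (size_t)nread;
        if (n > outcap - total) n = outcap - total;
        memcpy(out + total, buf, n);
        total += n;
    }
    return total;
}

/* Corrected loop: treat -1 as an error, 0 as end of stream, and otherwise
 * append the chunk, never writing past the caller's buffer. Returns bytes
 * stored, or (size_t)-1 on a read error. Data beyond outcap is dropped. */
static size_t copy_fixed(int fd, char *out, size_t outcap)
{
    char buf[CHUNK];
    size_t total = 0;
    for (;;) {
        ssize_t nread = read(fd, buf, sizeof buf);
        if (nread < 0) return (size_t)-1;   /* read error */
        if (nread == 0) break;              /* EOF: transfer complete */
        size_t n = (size_t)nread;
        if (n > outcap - total) n = outcap - total;   /* bounded copy */
        memcpy(out + total, buf, n);
        total += n;
        if (total == outcap) break;         /* destination full */
    }
    return total;
}

/* Drive one loop over a pipe standing in for the TCP socket. The payload is
 * constructed sample data written by this process, not a real server reply. */
static size_t transfer(const char *payload, int use_fixed, char *out, size_t outcap)
{
    int fds[2];
    if (pipe(fds) != 0) return (size_t)-1;
    size_t len = strlen(payload);
    ssize_t w = write(fds[1], payload, len);   /* small payload: fits the pipe buffer */
    close(fds[1]);                              /* no writer left, so the reader sees EOF */
    if (w < 0 || (size_t)w != len) { close(fds[0]); return (size_t)-1; }
    size_t got = use_fixed ? copy_fixed(fds[0], out, outcap)
                           : copy_buggy(fds[0], out, outcap);
    close(fds[0]);
    return got;
}

/* Bytes each loop stores for a payload into a buffer of at most 256 bytes. */
static size_t bytes_stored(const char *payload, int use_fixed, size_t cap)
{
    char out[256];
    if (cap > sizeof out) cap = sizeof out;
    return transfer(payload, use_fixed, out, cap);
}

int main(void)
{
    /* Constructed sample response, 25 bytes long. */
    const char *sample = "HTTP/1.0 200 OK\r\n\r\nhello\n";
    printf("buggy loop stored %zu bytes\n", bytes_stored(sample, 0, 256));        /* 0 */
    printf("fixed loop stored %zu bytes\n", bytes_stored(sample, 1, 256));        /* 25 */
    printf("fixed loop, 4-byte buffer: %zu bytes\n", bytes_stored(sample, 1, 4)); /* 4 */
    return 0;
}
```

The bounded copy in copy_fixed is the point a reviewer would check alongside the loop condition: a receive loop that appends into a fixed local buffer without comparing against its capacity is the usual shape of the local stack buffer overflow the reply mentions, so fixing the early break without adding the bound would turn a program that downloads nothing into one that overflows on a large response.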


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.