
List:       freebsd-hackers
Subject:    Re: OB1
From:       Dimitry Andric <dim () FreeBSD ! org>
Date:       2014-06-24 15:27:46
Message-ID: 0788DB21-6F15-46D4-A4CB-F95008D736E9 () FreeBSD ! org

On 24 Jun 2014, at 16:28, Royce Williams <royce@tycho.org> wrote:
> On Mon, Jun 23, 2014 at 10:49 PM, Dimitry Andric <dim@freebsd.org> wrote:
>> On 24 Jun 2014, at 06:17, dt71@gmx.com wrote:
>>> Speaking of backdoors...
>>> 
>>> lib/libugidfw/ugidfw.c:
>>>> if (len < 0 || len > left)
>>> 
>>> ):<
>> 
>> Well, it's just another off-by-one, no need for conspiracy theories. :)
>> 
>> Btw, I'd mailed about this in 2011 already, but it really isn't very
>> important.  The only consumer is ugidfw, and then only to print out the
>> parsed rules.
> 
> I'm a relative C newbie.  Could someone post what the fix would look like?

Just replace all the "len > left" expressions with "len >= left".

-Dimitry
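
The reason `>=` is the right comparison, shown as an added example (not part of the original message and not the libugidfw source): `snprintf` returns the length the full output needs without the terminating NUL, so a return value equal to the remaining space already means the last character was dropped. The helper `append_pieces`, the `sample` fragments and the buffer sizes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: two rule fragments that need 6 bytes with the NUL. */
static const char *const sample[] = { "uid ", "0" };

/*
 * Hypothetical helper (not the libugidfw code): append n pieces to buf using
 * the cur/left bookkeeping. strict == 0 tests "len > left" (the quoted check),
 * strict != 0 tests "len >= left". Returns 0 on success, -1 on truncation.
 */
static int
append_pieces(char *buf, size_t buflen, const char *const *pieces, size_t n,
    int strict)
{
	char *cur = buf;
	size_t left = buflen;
	size_t i;
	int len;

	for (i = 0; i < n; i++) {
		/* Returns the length needed, not counting the NUL. */
		len = snprintf(cur, left, "%s", pieces[i]);
		if (len < 0)
			return (-1);
		/* len == left means the NUL displaced the last character. */
		if (strict ? (size_t)len >= left : (size_t)len > left)
			return (-1);
		left -= (size_t)len;
		cur += len;
	}
	return (0);
}

int
main(void)
{
	char buf[8];
	int ret;

	ret = append_pieces(buf, 5, sample, 2, 0);
	printf("len >  left: ret=%d buf=\"%s\"\n", ret, buf);
	ret = append_pieces(buf, 5, sample, 2, 1);
	printf("len >= left: ret=%d\n", ret);
	return (0);
}
```

With a 5-byte buffer the `>` variant reports success while the final fragment is silently lost; the `>=` variant reports the truncation.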

