
List:       freebsd-security
Subject:    Re: getpwnam() problem?
From:       Archie Cobbs <archie () whistle ! com>
Date:       1998-10-30 1:05:48

Paul Hart writes:
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=8176
> > 
> > I've located the bug and supplied a patch in a followup...
> > Very simple bug, someone please commit in 2.2 and 3.0.
> 
> I'm running 2.2.7-RELEASE and the How-To-Repeat section in the PR above
> lists:
> 
>     #include <stdio.h>
>     #include <sys/types.h>
>     #include <pwd.h>
> 
>     char zeename[] = "AVeryLongStringGoesHere";
>     struct passwd *gunk;
> 
>     main()
>     {
>         gunk = getpwnam(zeename);
>     }
> 
> as sample code to exercise the bug in getpwnam().  However, it seems to
> have no effect.  No SIGBUS or SIGSEGV that I can see.  The patch in the PR
> for /usr/src/lib/libc/gen/getpwent.c shows that I have (presumably)
> vulnerable code at the diff location, but I don't seem to be experiencing
> problems with it.  Has anyone else noticed these symptoms?

The sample program doesn't cause the bug. Try replacing "zeename" with
a string of 12000 characters... then you'll see it.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
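
Added example, not part of the original message or of PR 8176: a small C harness that calls getpwnam() in a child process with a name of a chosen length and reports whether the lookup returned cleanly or the child was killed by a signal, so a libc can be checked before and after the patch. The helper name `probe_getpwnam`, the filler character and the return-code convention are assumptions made for this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * probe_getpwnam (hypothetical helper): look up a login name made of `len`
 * filler characters in a child process, so a crash cannot take down the caller.
 * Returns 0 if getpwnam() returned NULL cleanly, a positive signal number if
 * the child was killed (e.g. SIGSEGV or SIGBUS), -2 if the constructed name
 * unexpectedly matched an account, and -1 on a harness failure.
 */
int probe_getpwnam(size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *name = malloc(len + 1);
        if (name == NULL)
            _exit(2);
        memset(name, 'A', len);          /* constructed filler name */
        name[len] = '\0';
        _exit(getpwnam(name) == NULL ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return 0;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 1) ? -2 : -1;
}

int main(void)
{
    /* 23 is the length of the PR's sample name; 12000 is the length from the reply. */
    const size_t lens[] = { 23, 12000 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int r = probe_getpwnam(lens[i]);
        printf("len=%zu: %s (%d)\n", lens[i],
               r == 0 ? "clean NULL return" : r > 0 ? "killed by signal" : "check harness", r);
    }
    return 0;
}
```

A result of 0 for both lengths is what a libc with the fix applied should give.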
