List: freebsd-security
Subject: Re: getpwnam() problem?
From: Archie Cobbs <archie () whistle ! com>
Date: 1998-10-30 1:05:48
Paul Hart writes:
> > > http://www.freebsd.org/cgi/query-pr.cgi?pr=8176
> >
> > I've located the bug and supplied a patch in a followup...
> > Very simple bug, someone please commit in 2.2 and 3.0.
>
> I'm running 2.2.7-RELEASE and the How-To-Repeat section in the PR above
> lists:
>
> #include <stdio.h>
> #include <sys/types.h>
> #include <pwd.h>
>
> char zeename[] = "AVeryLongStringGoesHere";
> struct passwd *gunk;
>
> int main(void)
> {
>     gunk = getpwnam(zeename);
>     return 0;
> }
>
> as sample code to exercise the bug in getpwnam(). However, it seems to
> have no effect. No SIGBUS or SIGSEGV that I can see. The patch in the PR
> for /usr/src/lib/libc/gen/getpwent.c shows that I have (presumably)
> vulnerable code at the diff location, but I don't seem to be experiencing
> problems with it. Has anyone else noticed these symptoms?
The sample program doesn't cause the bug. Try replacing "zeename" with
a string of 12000 characters... then you'll see it.
-Archie
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com