[prev in list] [next in list] [prev in thread] [next in thread] 

List:       user-mode-linux-devel
Subject:    Re: [uml-devel] security bug in uml_net.c?
From:       Steve Schnepp <snide () free ! fr>
Date:       2003-05-24 10:07:01
[Download RAW message or body]

On Fri, May 23, 2003 at 11:31:06PM -0400, SecurityTracker wrote:
> Suggested patch: uml_net.c
>     - if(v > CURRENT_VERSION){
>     + if ((v > CURRENT_VERSION) || (v < 0)) {
	
That's the minimal change patch. Perfect suggestion, since it has
the least side effects. 

But what about the idea to declare v directly as an unsigned int ?

	Steve

-- 
GPG public key available from http://snide.free.fr/gpg/snide-free.fr.asc
   Or by email to "snide at free.fr" with "send key pub" as subject
   Fingerprint: 91E3 C5F1 2641 4D0F EDD0  7116 D187 5929 14A8 FDA2


-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
User-mode-linux-devel mailing list
User-mode-linux-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel
[prev in list] [next in list] [prev in thread] [next in thread]