Date: Sat, 21 Aug 2004 16:30:19 GMT From: "Sergey S. Kostyliov" <rathamahata@ehouse.ru> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/70699: Typo in ports/devel/libedit, possible buffer overflow in libedit/history.c:history_save() Message-ID: <200408211630.i7LGUJUt050981@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/70699; it has been noted by GNATS.
From: "Sergey S. Kostyliov" <rathamahata@ehouse.ru>
To: freebsd-gnats-submit@FreeBSD.org, rathamahata@ehouse.ru
Cc:
Subject: Re: ports/70699: Typo in ports/devel/libedit, possible buffer overflow in libedit/history.c:history_save()
Date: Sat, 21 Aug 2004 20:24:20 +0400
Otto Moerbeek <otto@drijf.net>
has just pointed out that the:
max_size = (len + 1023) & ~1023;
patch is not enough (see http://www.sigmasoft.com/cgi-bin/wilma_hiliter/openbsd-bugs/200408/msg00092.html)
"... If
len is a multiple of 1024,
max_size = (len + 1023) & ~1023;
wil not increase it. Should probably be
max_size = (len + 1024) & ~1023;"
It looks like his statement is correct and either his patch or something like:
http://www.sigmasoft.com/cgi-bin/wilma_hiliter/openbsd-bugs/200408/msg00096.html
(which is a bit more intrusive but seems more self documented to me) is needed.
--
Sergey S. Kostyliov <rathamahata@ehouse.ru>
Jabber ID: rathamahata@jabber.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200408211630.i7LGUJUt050981>