Date: Mon, 24 Nov 2014 18:13:07 +0100
From: Oliver Pinter <oliver.pinter@hardenedbsd.org>
To: Ed Maste <emaste@freebsd.org>
Cc: Ted Unangst <tedu@tedunangst.com>, "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Re: fix base64.c "overrun"
Message-ID: <CAPQ4ffuFG75Lw0nomZ5UHV5xAgWhLoSGdnP6Fr3GMsQk8XL0fQ@mail.gmail.com>
In-Reply-To: <CAPyFy2AN_qvt7o%2BwgYb9Tfo0ctG3vCKq5Z7QOFMGOfgMU-9HGg@mail.gmail.com>
References: <6a4308e3ce1d4835be5caef3f96b0c50@tedunangst.com> <CAPyFy2AN_qvt7o%2BwgYb9Tfo0ctG3vCKq5Z7QOFMGOfgMU-9HGg@mail.gmail.com>

On Mon, Nov 24, 2014 at 5:50 PM, Ed Maste <emaste@freebsd.org> wrote:
> On 22 November 2014 at 17:09, Ted Unangst <tedu@tedunangst.com> wrote:
>> From inspection, it appears FreeBSD's libc base64.c will sometimes
>> erroneously fail to decode a base64 string into a precisely sized
>> buffer. The overflow check is a little too greedy. The same bug was
>> fixed in OpenBSD; it would be helpful if FreeBSD adopted the fix as
>> well. :)
>>
>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/net/base64.c.diff?r1=1.6&r2=1.7
>
> Thanks for the heads-up Ted, I'll take care of getting the fix in.

Hi Ed!

Check this:
https://github.com/HardenedBSD/hardenedBSD/issues/68
https://github.com/HardenedBSD/hardenedBSD/commit/d6e5388b831b190a0ff39898d354ab68b9b6a965

> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
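
The failure described in the quoted report (a decode into a precisely sized buffer being rejected), shown with a simplified decoder. This is an added example, not code from the message, from FreeBSD's libc, or from the linked commits; `demo_b64_decode` and its `greedy` switch are hypothetical names, and the sample strings are constructed.

```c
#include <stddef.h>
#include <string.h>

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/*
 * Hypothetical, simplified decoder: no whitespace skipping, and '=' simply
 * ends the input. Returns the decoded length, or -1 on error.
 * greedy != 0: always demand a spare byte for the carried-over bits.
 * greedy == 0: demand it only when the carried-over bits are non-zero.
 */
int demo_b64_decode(const char *src, unsigned char *dst, size_t dstsize,
    int greedy)
{
    size_t idx = 0;
    int state = 0;      /* position inside the current 4-character group */

    for (; *src != '\0' && *src != '='; src++) {
        const char *p = strchr(B64, *src);
        if (p == NULL)
            return -1;          /* not a base64 character */
        unsigned v = (unsigned)(p - B64);
        if (idx >= dstsize)
            return -1;          /* no room for the byte being built */
        if (state == 0) {
            dst[idx] = (unsigned char)(v << 2);
        } else if (state == 3) {
            dst[idx++] |= (unsigned char)v;
        } else {
            /* states 1 and 2: finish dst[idx], carry low bits forward */
            int shift = (state == 1) ? 4 : 2;
            unsigned char next = (unsigned char)(v << (8 - shift));
            dst[idx] |= (unsigned char)(v >> shift);
            if (idx + 1 < dstsize)
                dst[idx + 1] = next;
            else if (greedy || next != 0)
                return -1;      /* greedy: fails even when next == 0 */
            idx++;
        }
        state = (state + 1) & 3;
    }
    return (int)idx;
}
```

Only padded inputs hit the difference: an unpadded group such as "TWFu" decodes into a 3-byte buffer either way, while "TWE=" into a 2-byte buffer succeeds only with the relaxed check.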