Date:      Thu, 28 Jun 2001 00:22:11 -0400 (EDT)
From:      Mike Heffner <mheffner@novacoxmail.com>
To:        dd@FreeBSD.org
Cc:        freebsd-bugs@FreeBSD.org, marcolz@stack.nl, freebsd-gnats-submit@freebsd.org
Subject:   Re: bin/19422: users can overflow argv to make ps segfault
Message-ID:  <XFMail.20010628002211.mheffner@novacoxmail.com>
In-Reply-To: <200106280139.f5S1dnD13060@freefall.freebsd.org>

When I looked at this it appears that rev. 1.10 of fmt.c was meant to fix this.
However it looks like the change just increased the buffer size, but didn't
put any restrictions on the strvis() -- which just means a bigger string is
needed to overflow `buf'. But I haven't looked at the code in detail, so
there might be caps on the size of argv[0] somewhere else that would block any
overflow.


On 28-Jun-2001 dd@FreeBSD.org wrote:
| Synopsis: users can overflow argv to make ps segfault
| 
| State-Changed-From-To: open->feedback
| State-Changed-By: dd
| State-Changed-When: Wed Jun 27 18:39:20 PDT 2001
| State-Changed-Why: 
| I can't reproduce this on a recent -current or -stable.  Is this still
| a problem?


Mike

-- 
  Mike Heffner         <mheffner@[acm.]vt.edu>
  Fredericksburg, VA       <mikeh@FreeBSD.org>
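
The message above observes that enlarging `buf` without limiting the strvis() output only raises the input length needed to overflow it. As an added illustration (not code from this thread or from FreeBSD's fmt.c), the sketch below bounds the encoder itself; `bounded_vis`, `vis_len`, the simplified octal encoding and the sample sizes are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Output bytes needed for one input byte in this simplified stand-in for
 * strvis(3): printable bytes are copied, backslash is doubled, anything else
 * becomes \ooo. Hypothetical helper, not the libc routine or ps's fmt.c. */
static size_t vis_len(unsigned char c)
{
    if (c == '\\')
        return 2;
    return isprint(c) ? 1 : 4;
}

/* Encode src into dst, never writing more than dstsize bytes (NUL included).
 * Returns the number of source bytes consumed; a value below strlen(src)
 * means the output was truncated instead of overflowing dst. */
size_t bounded_vis(char *dst, size_t dstsize, const char *src)
{
    size_t used = 0, i;

    if (dstsize == 0)
        return 0;
    for (i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        size_t need = vis_len(c);
        if (need > dstsize - 1 - used)   /* keep room for the NUL */
            break;
        if (need == 1)
            dst[used] = (char)c;
        else if (need == 2)
            memcpy(dst + used, "\\\\", 2);
        else
            snprintf(dst + used, need + 1, "\\%03o", (unsigned)c);
        used += need;
    }
    dst[used] = '\0';
    return i;
}

int main(void)
{
    char buf[16];                                /* constructed size */
    const char *arg = "a\001\002\003\004b";      /* constructed input */
    size_t n = bounded_vis(buf, sizeof buf, arg);
    printf("consumed %zu of %zu: %s\n", n, strlen(arg), buf);
    return 0;
}
```

Because each input byte can expand to four output bytes, the limit has to be checked against the encoded length per character, not against the length of the source string.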

