Date: Mon, 26 Feb 2001 22:10:26 +0100
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/pccard/pccardd util.c
Message-ID: <20010226221026.T20830@speedy.gsinet>
In-Reply-To: <200102252339.f1PNdnY01262@billy-club.village.org>; from imp@village.org on Sun, Feb 25, 2001 at 04:39:49PM -0700
References: <20010225131435.A39340@mollari.cthul.hu> <200102251952.f1PJqhe95166@freefall.freebsd.org> <20010225131435.A39340@mollari.cthul.hu> <200102252339.f1PNdnY01262@billy-club.village.org>

On Sun, Feb 25, 2001 at 16:39 -0700, Warner Losh wrote:
> > pccardd wasn't written with paranoia in mind.

Right. When I lately expanded the macro expansion in the util.c execute() function I realized there's a randomly (probably large enough:) buffer is allocated (local var) and filled without length checks (*cp++ = c). One could argue that the input values come from files only root can manipulate.

virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
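
The length check the message says is missing, sketched as an added example; this is not pccardd's code and not part of the original e-mail. The function names, the `struct macro` table and the `$name` macro syntax are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical macro table entry: "$name" in a template becomes value. */
struct macro { const char *name; const char *value; };

/* Append n bytes at *pos, always keeping one byte free for the NUL.
 * This replaces the unchecked "*cp++ = c" pattern from the message. */
static int put(char *out, size_t cap, size_t *pos, const char *src, size_t n)
{
    if (n >= cap - *pos)
        return -1;
    memcpy(out + *pos, src, n);
    *pos += n;
    return 0;
}

/* Expand macros from tmpl into out (capacity cap, NUL included).
 * Returns 0 on success; returns -1 and leaves out empty when the
 * expansion does not fit, so a truncated command is never executed.
 * The first table entry whose name matches as a prefix wins; an
 * unknown "$" is copied literally. */
int expand_macros(const char *tmpl, const struct macro *tab, size_t ntab,
                  char *out, size_t cap)
{
    size_t pos = 0;

    if (cap == 0)
        return -1;
    while (*tmpl != '\0') {
        const char *src = tmpl;   /* default: copy one literal byte */
        size_t len = 1, i;

        if (*tmpl == '$') {
            for (i = 0; i < ntab; i++) {
                size_t nlen = strlen(tab[i].name);
                if (strncmp(tmpl + 1, tab[i].name, nlen) == 0) {
                    src = tab[i].value;
                    len = strlen(src);
                    tmpl += nlen; /* skip the name; '$' is skipped below */
                    break;
                }
            }
        }
        if (put(out, cap, &pos, src, len) != 0) {
            out[0] = '\0';
            return -1;
        }
        tmpl++;
    }
    out[pos] = '\0';
    return 0;
}
```

Failing closed on overflow matters here because the expanded string is a command line: running a silently truncated command can be worse than running none.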