Date:      Mon, 26 Feb 2001 22:10:26 +0100
From:      Gerhard Sittig <Gerhard.Sittig@gmx.net>
To:        cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/usr.sbin/pccard/pccardd util.c
Message-ID:  <20010226221026.T20830@speedy.gsinet>
In-Reply-To: <200102252339.f1PNdnY01262@billy-club.village.org>; from imp@village.org on Sun, Feb 25, 2001 at 04:39:49PM -0700
References:  <20010225131435.A39340@mollari.cthul.hu> <200102251952.f1PJqhe95166@freefall.freebsd.org> <20010225131435.A39340@mollari.cthul.hu> <200102252339.f1PNdnY01262@billy-club.village.org>

On Sun, Feb 25, 2001 at 16:39 -0700, Warner Losh wrote:
> 
> pccardd wasn't written with paranoia in mind.

Right.  When I lately expanded the macro expansion in the util.c
execute() function I realized there's a randomly sized (probably
large enough :) buffer allocated (local var) and filled without
length checks (*cp++ = c).

One could argue that the input values come from files only root
can manipulate.


virtually yours   82D1 9B9C 01DC 4FB4 D7B4  61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
-- 
     If you don't understand or are scared by any of the above
             ask your parents or an adult to help you.
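
The unchecked `*cp++ = c` fill described in the message, rewritten with a remaining-space check before every store. This is an added example, not part of the original e-mail and not pccardd's code; `expand_macros`, `struct macro` and the `$name` macro syntax are hypothetical names chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical macro table entry: "$name" in the input becomes value. */
struct macro { const char *name; const char *value; };

/* Expand `in` into `out` (capacity outsz, NUL included). Returns the expanded
 * length, or -1 if it does not fit. Unlike a bare *cp++ = c, every store is
 * preceded by a remaining-space check. */
int expand_macros(const char *in, char *out, size_t outsz,
                  const struct macro *tab, size_t ntab)
{
    char *cp = out, *end;
    if (outsz == 0)
        return -1;
    end = out + outsz - 1;              /* last byte reserved for the NUL */
    while (*in != '\0') {
        const char *src = NULL;
        size_t len = 1, i, n;
        for (i = 0; *in == '$' && i < ntab; i++) {
            n = strlen(tab[i].name);
            if (strncmp(in + 1, tab[i].name, n) == 0) {
                src = tab[i].value;
                len = strlen(src);
                in += 1 + n;
                break;
            }
        }
        if (src == NULL)                /* literal character */
            src = in++;
        if ((size_t)(end - cp) < len) {
            *out = '\0';                /* fail closed: no truncated command */
            return -1;
        }
        memcpy(cp, src, len);
        cp += len;
    }
    *cp = '\0';
    return (int)(cp - out);
}

int main(void)
{
    const struct macro tab[] = { { "device", "ed0" } };  /* constructed sample */
    char buf[32];
    if (expand_macros("ifconfig $device up", buf, sizeof(buf), tab, 1) >= 0)
        puts(buf);
    return 0;
}
```

Returning an error instead of truncating matters here because the expanded string is a command line: a silently shortened command is a different command.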
