Date: Tue, 25 Apr 2000 23:24:47 -0700 (PDT)
From: Kris Kennaway
To: audit@freebsd.org
Subject: libmytinfo

Okay guys, here's our first real challenge :-)

As you probably know, libmytinfo on 3.X had an overflow reported on bugtraq. I've committed a fix for this one, but the rest of that code scares me a lot - there are undoubtedly other problems remaining.

We need to do a thorough audit of libncurses, libmytinfo, libtermcap, and libcurses in 3.X, as well as 4.0. 3.X and 4.X have different versions of ncurses (the 3.X version is positively ancient), hopefully the newer one is safer.

This particular overflow was an unguarded while() loop which copies a string, but the library also makes use of unsafe string functions which accept input from getenv() :-(

Hopefully we'll find the remaining bugs before anyone else does :-)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
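
The bug class described in the message above, an unguarded while() copy fed by getenv(), shown beside a bounded form. This is an added example, not code from libmytinfo or from the original message; the function names and the buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Bug class from the message: copies until NUL with no reference to the
 * size of dst. Shown for contrast only; never called below. */
void copy_unguarded(char *dst, const char *src)
{
    while (*src != '\0')
        *dst++ = *src++;        /* writes past dst when src is longer */
    *dst = '\0';
}

/* Guarded form: writes at most dstsize bytes, always NUL-terminates, and
 * returns -1 on truncation so the caller can reject the value. */
int copy_guarded(char *dst, size_t dstsize, const char *src)
{
    size_t i = 0;

    if (dstsize == 0)
        return -1;
    while (src[i] != '\0' && i < dstsize - 1) {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

/* getenv() data is chosen by whoever starts the program, so its length is
 * untrusted. Returns 0 on success, -1 if unset or too long for dst. */
int env_to_buf(const char *name, char *dst, size_t dstsize)
{
    const char *val = getenv(name);
    if (val == NULL) {
        (void)copy_guarded(dst, dstsize, "");   /* leave dst empty */
        return -1;
    }
    return copy_guarded(dst, dstsize, val);
}

int main(void)
{
    char term[64];              /* hypothetical size for the example */
    if (env_to_buf("TERM", term, sizeof term) != 0)
        return 1;               /* unset or too long: reject, don't use */
    printf("TERM=%s\n", term);
    return 0;
}
```

When auditing, the same question applies to every copy loop and every strcpy()/sprintf() call: where does the code compare the source length to the destination size, and what happens when the value does not fit.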