Date: Mon, 2 Dec 2002 13:58:09 +0200
From: Peter Pentchev
To: hackers@FreeBSD.org
Cc: audit@FreeBSD.org
Subject: [CFR] diskpart(1) buffer overflow fix
Message-ID: <20021202115809.GD372@straylight.oblivion.bg>

Hi,

As noted on the vuln-dev list recently, the diskpart(1) program in
-stable is susceptible to a buffer overflow in the parsing of
command-line arguments. This is a low-risk problem, since diskpart(1)
is not - and has never been, and has no reason to ever be - a privileged
program, but still, there should be no harm in fixing it :)

Attached are two patches: a trivial one which just fixes up two problems
in diskpart's argument parsing, and a more complex one, which does it
"the right way" IMHO, using getopt(3).

Comments?

G'luck,
Peter

-- 
Peter Pentchev  roam@ringlet.net  roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
.siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI