Date: Tue, 25 Apr 2000 23:24:47 -0700 (PDT) From: Kris Kennaway <kris@FreeBSD.org> To: audit@freebsd.org Subject: libmytinfo Message-ID: <Pine.BSF.4.21.0004252316210.13185-100000@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
Okay guys, here's our first real challenge :-)
As you probably know, libmytinfo on 3.X had an overflow reported on
bugtraq..I've committed a fix for this one, but the rest of that code
scares me a lot - there are undoubtedly other problems remaining.
We need to do a thorough audit of libncurses, libmytinfo, libtermcap, and
libcurses in 3.X, as well as 4.0. 3.X and 4.X have different versions of
ncurses (the 3.X version is positively ancient), hopefully the newer one
is safer. This particular overflow was an unguarded while() loop which
copies a string, but the library also makes use of unsafe string functions
which accept input from getenv() :-(
Hopefully we'll find the remaining bugs before anyone else does :-)
Kris
----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0004252316210.13185-100000>