From owner-freebsd-bugs Tue Nov 24 10:59:24 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA23749 for freebsd-bugs-outgoing; Tue, 24 Nov 1998 10:59:24 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA23742 for ; Tue, 24 Nov 1998 10:59:23 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id LAA18164; Tue, 24 Nov 1998 11:00:01 -0800 (PST) Date: Tue, 24 Nov 1998 11:00:01 -0800 (PST) Message-Id: <199811241900.LAA18164@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.ORG From: Alexander Viro Subject: Re: bin/8790: [PATCH] Buffer overrun in nvi-1.79. Reply-To: Alexander Viro Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/8790; it has been noted by GNATS. From: Alexander Viro To: David Greenman Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: bin/8790: [PATCH] Buffer overrun in nvi-1.79. Date: Tue, 24 Nov 1998 13:55:29 -0500 (EST) Sorry for followup to myself, but: *** lib/libc/regex/regcomp.c.old Tue Nov 24 13:45:54 1998 --- lib/libc/regex/regcomp.c Tue Nov 24 13:47:16 1998 *************** *** 613,619 **** (void)REQUIRE(starordinary, REG_BADRPT); /* FALLTHROUGH */ default: ! ordinary(p, c &~ BACKSL); break; } --- 613,619 ---- (void)REQUIRE(starordinary, REG_BADRPT); /* FALLTHROUGH */ default: ! ordinary(p, (char)c); break; } That is, regex in libc has the same vulnerability. And libc _is_ used in suid programs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message