Date: Sun, 11 Aug 2002 18:31:45 -0400
From: Niels Provos <provos@citi.umich.edu>
To: Kris Kennaway <kris@obsecurity.org>
Cc: security@freebsd.org
Subject: Re: [provos@citi.umich.edu: OpenBSD Security Advisory: Select Boundary Condition]
Message-ID: <20020811223145.GQ22399@citi.citi.umich.edu>
In-Reply-To: <20020811214723.GA76470@xor.obsecurity.org>
References: <20020811214723.GA76470@xor.obsecurity.org>

On Sun, Aug 11, 2002 at 02:47:23PM -0700, Kris Kennaway wrote:
> In case anyone is wondering, it looks like FreeBSD fixed this security
> hole 6 years ago, in the following commit:
>
> ---
> Revision 1.19 / (download) - annotate - [select for diffs], Tue Aug 20 07:17:48 1996 UTC (5 years, 11 months ago) by smpatel
> Branch: MAIN
> Changes since 1.18: +43 -15 lines
> Diff to previous 1.18 (colored)
>
> Remove the kernel FD_SETSIZE limit for select().
> Make select()'s first argument 'int' not 'u_int'.
>
> Reviewed by: bde
> ---

Read that commit message carefully. That problem was introduced into
FreeBSD six years ago. It was fixed last year.

revision 1.74
date: 2001/02/27 00:50:20; author: jlemon; state: Exp; lines: +3 -2
Cast nfds to u_int before range checking it in order to catch negative
values.

PR: 25393

NetBSD fixed it somewhat later. I did not contact anyone at FreeBSD or
NetBSD because it was not a problem there in case you were wondering.

Niels.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
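
An added illustration, not code from the FreeBSD or OpenBSD kernels or from this thread: the signed range check on `nfds` that the revision 1.74 log message describes, next to the same check with the cast to unsigned. The function names, `MAX_FDS` and the bitmap sizing helper are assumptions made for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the descriptor-table limit (assumption). */
#define MAX_FDS 1024
#define BITS_PER_WORD (sizeof(unsigned long) * CHAR_BIT)

/* Signed comparison: any negative nfds is below the limit, so it passes. */
int in_range_signed(int nfds, int limit)
{
    return !(nfds > limit);
}

/* Same comparison after casting to unsigned: a negative nfds becomes a
 * very large value, fails the check, and is caught. */
int in_range_cast(int nfds, int limit)
{
    return !((unsigned int)nfds > (unsigned int)limit);
}

/* Bytes for an fd_set-style bitmap of nfds bits. The count is treated as
 * unsigned, which is how a negative value that slipped past the signed
 * check would be interpreted once it reaches a size calculation. */
size_t bitmap_bytes(int nfds)
{
    size_t bits = (size_t)(unsigned int)nfds;
    size_t words = bits / BITS_PER_WORD + (bits % BITS_PER_WORD != 0);
    return words * sizeof(unsigned long);
}

int main(void)
{
    /* Constructed sample inputs: one valid, one too large, one negative. */
    int samples[] = { 64, MAX_FDS + 1, -1 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int n = samples[i];
        printf("nfds=%d signed_ok=%d cast_ok=%d bitmap_bytes=%zu\n",
               n, in_range_signed(n, MAX_FDS), in_range_cast(n, MAX_FDS),
               bitmap_bytes(n));
    }
    return 0;
}
```

The two checks agree on every non-negative input and differ only for negative `nfds`, which is the case the cast exists to catch.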