Date: Thu, 2 Sep 1999 04:20:02 -0700 (PDT)
From: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/13535: Finger bug: possible stack overflow
Message-ID: <199909021120.EAA67170@freefall.freebsd.org>
The following reply was made to PR bin/13535; it has been noted by GNATS.

From: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
To: sheldonh@uunet.co.za
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/13535: Finger bug: possible stack overflow
Date: Thu, 02 Sep 1999 20:13:13 +0900

 From: Sheldon Hearn <sheldonh@uunet.co.za>
 Subject: Re: bin/13535: Finger bug: possible stack overflow
 Date: Thu, 02 Sep 1999 12:49:31 +0200

> On Thu, 02 Sep 1999 12:50:11 +0900, Yoshihiro Koya wrote:
>
> > Apply the patch below:
>
> What is your patch supposed to do? It only doubles the size of a buffer
> which we _always_ seem to do bounded manipulation on. Can you spot
> anything in the finger source that fiddles with tput without checking
> its size and termination? _That_ would make for a proper fix.
>

I checked the source code of chpass ( /usr/src/usr.bin/chpass/edit.c ).
I found there that the chpass program assumes that the length of gecos is
less than ABOUT 2048 bytes. This is the reason why I put LINE_MAX there.

About the bounded manipulation, you are right. I only paid attention
to the size of the buffer. As you said, the current version of the source
code in the CVS repository has no problem.

Sorry for my misunderstanding.

koya

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
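
The point raised in the quoted reply, that safety comes from checking size and termination and not from enlarging the buffer, shown as an added example that is not part of the original message or of the finger or chpass sources. bounded_copy and demo are hypothetical names, and the 1024/2048-byte buffers and the 4096-byte gecos-like field are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy a field of at most srclen bytes (which may lack
 * a terminating NUL) into dst without writing past dstsize, and always
 * NUL-terminate. Returns 0 if it fit, 1 if truncated, -1 if dst is unusable. */
int bounded_copy(char *dst, size_t dstsize, const char *src, size_t srclen)
{
    size_t n = 0;
    int truncated;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    while (n < srclen && src[n] != '\0')   /* bounded length scan */
        n++;
    truncated = (n >= dstsize);
    if (truncated)
        n = dstsize - 1;                   /* leave room for the NUL */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return truncated;
}

/* Constructed demo: an over-long, unterminated field is copied into a buffer
 * of bufsize bytes followed by guard bytes. Returns 1 if the copy was
 * truncated, terminated, and left every guard byte untouched. */
int demo(size_t bufsize)
{
    char gecos[4096];          /* constructed input, no NUL anywhere */
    char area[2048 + 8];       /* buffer under test plus guard bytes */
    size_t i;

    if (bufsize == 0 || bufsize > 2048)
        return 0;
    memset(gecos, 'A', sizeof(gecos));
    memset(area, 0x5A, sizeof(area));
    if (bounded_copy(area, bufsize, gecos, sizeof(gecos)) != 1)
        return 0;
    if (strlen(area) != bufsize - 1)
        return 0;
    for (i = bufsize; i < sizeof(area); i++)
        if (area[i] != 0x5A)
            return 0;
    return 1;
}

int main(void)
{
    printf("1024-byte buffer intact: %d\n", demo(1024));
    printf("2048-byte buffer intact: %d\n", demo(2048));
    return 0;
}
```

Both buffer sizes give the same result because the bound and the explicit terminator do the work; doubling the buffer changes only how much of the field is kept.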
