From owner-freebsd-security  Sat Sep  8  4:24:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP id CF99B37B405
	for <security@freebsd.org>; Sat,  8 Sep 2001 04:24:27 -0700 (PDT)
Received: from localhost (arr@localhost)
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id f88BOHa09340;
	Sat, 8 Sep 2001 07:24:17 -0400 (EDT)
	(envelope-from arr@watson.org)
Date: Sat, 8 Sep 2001 07:24:16 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Alfred Perlstein <bright@mu.org>
Cc: Kris Kennaway <kris@obsecurity.org>, security@freebsd.org
Subject: Re: netbsd vulnerabilities
In-Reply-To: <20010908054930.F2965@elvis.mu.org>
Message-ID: <Pine.NEB.3.96L.1010908071851.9321A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


In defense of that, that'd work obviously, I was just going for the route
that best reflected the man page (and should therefore reflect how it is
used by a user).  the man page states taht nsops is unsigned... the sem.h
prototype states that, yet in semop_args and in the function, we
essentially make it signed.  checking for < 0 is a solution, but i guess I
was thinking for more along the lines of getting that code a bit more
cleaned up.  I just think it's minorly confusing that what a man page
states, really isn't... Either way will clear it up tho :-)

Andrew


On Sat, 8 Sep 2001, Alfred Perlstein wrote:

:* Andrew R. Reiter <arr@watson.org> [010908 05:44] wrote:
:> Hey,
:> 
:> The attached code fixes the semop bug which is specified in the recent
:> NetBSD security announcement.  I'm not positive about hte naming scheme
:> wanted by all in terms of:  size_t vs. unsigned int vs. unsigned.  I made
:> it u_int b/c i saw in sysproto.h that there seemed to be more u_int's
:> instead of size_t's :-)  Great logic.
:
:Uh, why don't you just compare the int arg against 0, if it's less than
:then just return EINVAL.
:
:-Alfred
:

*-------------.................................................
| Andrew R. Reiter 
| arr@fledge.watson.org
| "It requires a very unusual mind
|   to undertake the analysis of the obvious" -- A.N. Whitehead


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message