Date: Sun, 9 Sep 2001 03:14:37 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Alfred Perlstein <bright@mu.org>
Cc: "Andrew R. Reiter" <arr@watson.org>, Kris Kennaway <kris@obsecurity.org>, <security@FreeBSD.ORG>
Subject: Re: netbsd vulnerabilities
Message-ID: <20010909030758.B48694-100000@alphplex.bde.org>
In-Reply-To: <20010908054930.F2965@elvis.mu.org>

On Sat, 8 Sep 2001, Alfred Perlstein wrote:

> * Andrew R. Reiter <arr@watson.org> [010908 05:44] wrote:
> > Hey,
> >
> > The attached code fixes the semop bug which is specified in the recent
> > NetBSD security announcement. I'm not positive about the naming scheme
> > wanted by all in terms of: size_t vs. unsigned int vs. unsigned. I made
> > it u_int b/c I saw in sysproto.h that there seemed to be more u_int's
> > instead of size_t's :-) Great logic.
>
> Uh, why don't you just compare the int arg against 0, if it's less than
> then just return EINVAL.

The API apparently specified that it is unsigned (I checked the Linux
version). And don't use the hack of type punning the unsigned to int
(this part already happens) and checking for the int being less than 0
(this check is missing). We already use the hack of type punning an int
to an unsigned in too many places (readv, writev, ...).

Bruce
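
The two approaches discussed in this thread, as an added example that is not part of the original message and is not FreeBSD's code: a userland model of an operation-count check done on a punned `int` versus on the unsigned type the API specifies. `MAX_OPS` and all function names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed limit for this example; not a value taken from any kernel. */
#define MAX_OPS 32u

/*
 * Model of the missing check: the count is handled as an int and only
 * compared against the upper limit, so a negative value is accepted.
 */
static int check_count_signed(int nsops)
{
    if (nsops > (int)MAX_OPS)
        return EINVAL;
    return 0;
}

/*
 * Model of keeping the count unsigned, as the API specifies: a single
 * upper-bound comparison rejects every out-of-range value.
 */
static int check_count_unsigned(unsigned int nsops)
{
    if (nsops > MAX_OPS)
        return EINVAL;
    return 0;
}

/* What a caller's unsigned count becomes once it is punned to int. */
static int pun_to_int(unsigned int nsops)
{
    return (int)nsops; /* negative for large values on two's-complement ABIs */
}

int main(void)
{
    /* Constructed sample counts: in range, at the limit, and out of range. */
    unsigned int counts[] = { 1u, MAX_OPS, MAX_OPS + 1u, 0x80000000u, 0xffffffffu };

    for (size_t i = 0; i < sizeof(counts) / sizeof(counts[0]); i++) {
        unsigned int n = counts[i];
        printf("nsops=%#x as int=%d signed-check=%d unsigned-check=%d\n",
               n, pun_to_int(n),
               check_count_signed(pun_to_int(n)), check_count_unsigned(n));
    }
    return 0;
}
```
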
