Date: 19 Jul 2001 19:18:58 +0200 From: Assar Westerlund <assar@FreeBSD.ORG> To: Matt Dillon <dillon@earth.backplane.com> Cc: "Jacques A. Vidrine" <n@nectar.com>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, Mike Tancsa <mike@sentex.net>, Kris Kennaway <kris@obsecurity.org>, security@FreeBSD.ORG Subject: Re: FreeBSD remote root exploit ? Message-ID: <5ld76w25x9.fsf@assaris.sics.se> In-Reply-To: Matt Dillon's message of "Thu, 19 Jul 2001 10:12:25 -0700 (PDT)" References: <200107190547.f6J5lmD66188@cwsys.cwsent.com> <200107190747.f6J7lMU71487@earth.backplane.com> <20010719102230.L27900@madman.nectar.com> <200107191657.f6JGvG574763@earth.backplane.com> <5llmlk26j4.fsf@assaris.sics.se> <200107191712.f6JHCPD75088@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Dillon <dillon@earth.backplane.com> writes: > It's even owrse... size_t is unsigned, so once you overflow the buffer > the 'remaining' amount will be some huge number and you are screwed. Yeah, I know. I changed them to `int' too. But if it wouldn't have overflowed, it wouldn't have mattered... /assar To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5ld76w25x9.fsf>