From owner-freebsd-audit  Tue Jun  5  4:59: 0 2001
Delivered-To: freebsd-audit@freebsd.org
Received: from shade.nectar.com (gw.nectar.com [208.42.49.153])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8CEBE37B405; Tue,  5 Jun 2001 04:58:57 -0700 (PDT)
	(envelope-from nectar@nectar.com)
Received: (from nectar@localhost)
	by shade.nectar.com (8.11.3/8.11.3) id f55Bwqk31009;
	Tue, 5 Jun 2001 06:58:52 -0500 (CDT)
	(envelope-from nectar)
Date: Tue, 5 Jun 2001 06:58:52 -0500
From: "Jacques A. Vidrine" <n@nectar.com>
To: freebsd-audit@freebsd.org
Cc: mikeh@freebsd.org
Subject: Re: Fwd: [$HOME buffer overflow in SunOS 5.8 x86]
Message-ID: <20010605065852.B30939@shade.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" <n@nectar.com>,
	freebsd-audit@freebsd.org, mikeh@freebsd.org
References: <20010604185510.B47924@shade.nectar.com> <20010604191356.A48356@shade.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010604191356.A48356@shade.nectar.com>; from n@nectar.com on Mon, Jun 04, 2001 at 07:13:57PM -0500
X-Url: http://www.nectar.com/
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-audit.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-audit>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-audit>
X-Loop: FreeBSD.ORG

On Mon, Jun 04, 2001 at 07:13:57PM -0500, Jacques A. Vidrine wrote:
> On Mon, Jun 04, 2001 at 06:55:11PM -0500, Jacques A. Vidrine wrote:
> > There  are several  other potential  overflows (sprintf,  strcpy), but
> > here  is  a  patch  for  ones involving  HOME.   I  don't  think  this
> > represents a security problem, though.
> 
> Oops, forgot patch to extern.h.  Here's the whole set again, with that
> leading.

I had a dream last night  that someone already patched this, and more,
in  -CURRENT over  2 months  ago,  and that  I had  even reviewed  the
changes 8-)  I don't know why  I didn't check -CURRENT  before doing a
quick fix.

Mike, how about MFCing your mail commits?

Cheers,
-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message