From owner-freebsd-audit Tue Dec 7 13:36:22 1999
Delivered-To: freebsd-audit@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 40CBC154D5; Tue, 7 Dec 1999 13:36:20 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 2FE0A1CD41E; Tue, 7 Dec 1999 13:36:19 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Tue, 7 Dec 1999 13:36:19 -0800 (PST)
From: Kris Kennaway
To: tstromberg@rtci.com
Cc: freebsd-audit@freebsd.org
Subject: Re: FW: Buffer overflows
In-Reply-To: <84714733.944601517508.JavaMail.chenresig@karma>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 7 Dec 1999 tstromberg@rtci.com wrote:

> This was sent to me by Theo DeRaadt (everyone on this list should be
> familiar with him). I thought you guys might be interested since we
> seem to be helping each other quite a bit. We may want to integrate
> several of their programs as we see here, or at least apply similar
> fixes if need be.

I'm going through and merging across all of the fixes from OpenBSD (/bin is almost done so far). However, at least a few of the OpenBSD ones were unfortunately bogus (using the sizeof() of your source, not destination string, etc) or otherwise not quite right (corrected an off-by-one error with another more benign off-by-one error, etc), so it's not completely trivial. Plus, there's no guarantee they've found all of the problems (e.g. the recent flurry of commits since your posts here :), and our codebases are slightly divergent, so we still have further work to do.

I probably won't have much time to work on this further until January, as I'm trying to get OpenSSL cleaned up for committing, have exams to study for, and I'm going home over Christmas :-)

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
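Added example, not part of the message above and not code from FreeBSD or OpenBSD: the two kinds of bogus bounded-copy fix the message mentions (a bound taken from sizeof() of the source, and one off-by-one traded for another), measured against a correct bound. The buffer sizes, pattern names, and input string are constructed for illustration, and the destination sits inside a larger guard-filled arena so the stray writes can be counted without leaving the object.

```c
#include <stdio.h>
#include <string.h>

#define DST_SIZE   8     /* constructed destination size */
#define ARENA_SIZE 32    /* destination plus guard bytes, all one object */
#define GUARD      0xAA

enum pattern { SIZEOF_SRC, TERM_PAST_END, SHORT_BY_ONE, CORRECT };
struct result { int clobbered; size_t kept; };

/* Apply one bounding pattern to a DST_SIZE-byte destination at the start of
 * a guard-filled arena; report guard bytes overwritten and the string kept. */
static struct result run_pattern(enum pattern p, const char *src, size_t src_size)
{
    unsigned char arena[ARENA_SIZE];
    char *dst = (char *)arena;
    struct result r = { -1, 0 };
    size_t i, n = 0, t = 0;          /* n: copy bound, t: terminator index */

    if (src_size == 0 || src_size >= ARENA_SIZE)
        return r;                    /* keep the demonstration inside the arena */
    memset(arena, GUARD, sizeof(arena));
    arena[ARENA_SIZE - 1] = '\0';    /* sentinel so strlen() always stops */
    switch (p) {
    case SIZEOF_SRC:    n = src_size;     t = src_size - 1; break; /* source's size */
    case TERM_PAST_END: n = DST_SIZE;     t = DST_SIZE;     break; /* NUL one past end */
    case SHORT_BY_ONE:  n = DST_SIZE - 2; t = DST_SIZE - 2; break; /* benign: loses a byte */
    case CORRECT:       n = DST_SIZE - 1; t = DST_SIZE - 1; break; /* destination's size */
    }
    strncpy(dst, src, n);
    dst[t] = '\0';
    r.clobbered = 0;
    for (i = DST_SIZE; i < ARENA_SIZE - 1; i++)
        r.clobbered += (arena[i] != GUARD);
    r.kept = strlen(dst);
    return r;
}

int main(void)
{
    const char src[16] = "0123456789abcde";   /* constructed input */
    int p;

    for (p = SIZEOF_SRC; p <= CORRECT; p++) {
        struct result r = run_pattern((enum pattern)p, src, sizeof(src));
        printf("pattern %d: %d guard bytes overwritten, %zu chars kept\n",
               p, r.clobbered, r.kept);
    }
    return 0;
}
```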