From owner-freebsd-security  Fri Aug  2  8:33:28 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id F1EB737B400
	for <security@FreeBSD.ORG>; Fri,  2 Aug 2002 08:33:24 -0700 (PDT)
Received: from obsidian.sentex.ca (obsidian.sentex.ca [64.7.128.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5EDF643E72
	for <security@FreeBSD.ORG>; Fri,  2 Aug 2002 08:33:24 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from simian.sentex.net (pyroxene.sentex.ca [199.212.134.18])
	by obsidian.sentex.ca (8.12.5/8.12.5) with ESMTP id g72FXLSE077540;
	Fri, 2 Aug 2002 11:33:22 -0400 (EDT)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.1.6.0.20020802113549.0541a008@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Fri, 02 Aug 2002 11:36:35 -0400
To: "Andrey A. Chernov" <ache@nagual.pp.ru>, security@FreeBSD.ORG
From: Mike Tancsa <mike@sentex.net>
Subject: Re: [ache@FreeBSD.org: cvs commit: src/lib/libc/locale
  setlocale.c]
In-Reply-To: <20020802011225.GA6411@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: By Sentex Communications (obsidian/20020220)
X-Spam-Status: No, hits=-3.4 required=7.0
	tests=IN_REP_TO
	version=2.31
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Hi,
         Was this still going to be MFC'd ?

         ---Mike

At 05:12 AM 02/08/2002 +0400, Andrey A. Chernov wrote:
>Please fill security advisory for this fix (first part). That original BSD
>code bug can be exploitable.
>
>----- Forwarded message from "Andrey A. Chernov" <ache@FreeBSD.org> -----
>
>Date: Thu, 1 Aug 2002 18:04:49 -0700 (PDT)
>From: "Andrey A. Chernov" <ache@FreeBSD.org>
>Subject: cvs commit: src/lib/libc/locale setlocale.c
>To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
>
>ache        2002/08/01 18:04:49 PDT
>
>   Modified files:
>     lib/libc/locale      setlocale.c
>   Log:
>   Prevent out of bounds writting for too many slashes case.
>   Replace strnpy + ='\0' with strlcpy
>
>   MFC after:      1 day
>
>   Revision  Changes    Path
>   1.35      +10 -14    src/lib/libc/locale/setlocale.c
>
>----- End forwarded message -----
>
>--
>Andrey A. Chernov
>http://ache.pp.ru/
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message