From: Peter Pentchev
Date: Wed, 12 Dec 2001 11:50:39 +0200
To: Mike Heffner
Cc: freebsd-gnats-submit@freebsd.org, Marc Olzheim, FreeBSD-bugs
Subject: Re: bin/19422: users can overflow argv to make ps segfault
Message-ID: <20011212115039.B934@straylight.oblivion.bg>

On Tue, Dec 11, 2001 at 11:18:54PM -0500, Mike Heffner wrote:
>
> Well, I've looked at this a little more. I was able to reproduce it (it
> took a few times though). Unfortunately, the patch isn't as simple as the
> one in the PR. Could you please try the attached patch? There is still a
> problem though, and that is that the strlen()s can seg. fault if the
> argv[] strings aren't NULL terminated - I don't know how to fix this
> problem though :(

If argv[] is the program arguments' array, as passed to main(), then
you should not worry about it - its elements are supposed to be proper
C strings, i.e. terminated by a '\0' character, and I still have to see
a platform where they are not :)

G'luck,
Peter

-- 
This sentence would be seven words long if it were six words shorter.