Date: Tue, 24 Jun 2014 17:27:46 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Royce Williams <royce@tycho.org> Cc: dt71@gmx.com, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: OB1 Message-ID: <0788DB21-6F15-46D4-A4CB-F95008D736E9@FreeBSD.org> In-Reply-To: <CA%2BE3k90ppWcvudxB4evGUfmQEYnRoodsEg54hwTZTyoRTRTdJQ@mail.gmail.com> References: <20140622135308.GF1824@pwnie.vrt.sourcefire.com> <53A8FBD7.8000900@gmx.com> <12DA5575-B773-4D28-83BB-5AD1F1C84469@FreeBSD.org> <CA%2BE3k90ppWcvudxB4evGUfmQEYnRoodsEg54hwTZTyoRTRTdJQ@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On 24 Jun 2014, at 16:28, Royce Williams <royce@tycho.org> wrote: > On Mon, Jun 23, 2014 at 10:49 PM, Dimitry Andric <dim@freebsd.org> wrote: >> On 24 Jun 2014, at 06:17, dt71@gmx.com wrote: >>> Speaking of backdoors... >>> >>> lib/libugidfw/ugidfw.c: >>>> if (len < 0 || len > left) >>> >>> ):< >> >> Well, it's just another off-by-one, no need for conspiracy theories. :) >> >> Btw, I'd mailed about this in 2011 already, but it really isn't very >> important. The only consumer is ugidfw, and then only to print out the >> parsed rules. > > I'm a relative C newbie. Could someone post what the fix would look like? Just replace all the "len > left" expressions with "len >= left". -Dimitry [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlOpmP4ACgkQsF6jCi4glqNMawCg7rUHBN/aotod/KnxMYHyVyOz WDMAoOPIgLpBcZFvPys8BgHHrYFqpCk2 =fCBd -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0788DB21-6F15-46D4-A4CB-F95008D736E9>