Date: Mon, 06 May 2002 00:28:18 +0100 From: ReDeeMeR <g0tr00t@usa.net> To: <FreeBSD-security@freebsd.org> Subject: Re: [Re: Buffer overflow in /usr/games/strfile] Message-ID: <20020505232818.29316.qmail@uwdvg007.cms.usa.net>
index | next in thread | raw e-mail
I have now constructed a patch for this program and have sent it to FreeBSD as part of a Problem Report. Thanks for your pointers, and for the two URLs ... next time I'll learn to RTFM a little more closely. Thanks again, ReDeeMeR Colin Percival <colin.percival@wadham.ox.ac.uk> wrote: > Given that this is not a security issue -- as you point out, "no extra > privileges can be gained" -- this is rather off-topic for -security; > nevertheless, it is less so than discussions of mailing list sender > restrictions, so I'll go ahead and respond. > If you look at > http://www.freebsd.org/cgi/cvsweb.cgi/src/games/fortune/strfile/strfile.c > you'll see the CVS log for the file in question. At present it shows that > the latest change was made six weeks ago; your change has not been > incorporated. > This isn't really surprising, since FreeBSD is run by volunteers, and > unless they are either provided with a patch or convinced that an issue is > vitally important, nothing is likely to happen. You've described a > problem, worked out how to fix it, described how to fix it... but you > haven't completed the final two steps: Generating a patch, and submitting > it as part of a Problem Report. > So, here's what you should do: > 1. Generate a patch for src/games/fortune/strfile/strfile.c. This means > running `diff -c` on the original file and your fixed version. > 2. Use send-pr to generate a problem report. Make sure the synopsis field > starts with [PATCH], and run send-pr with the -a option to include your > patch file. > 3. Wait until a committer notices your pr and incorporates your patch. > > I'd also suggest that you read > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/article.html > and > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/contrib-how.html > > Colin Percival > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehelp
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020505232818.29316.qmail>