Date: Mon, 06 May 2002 00:28:18 +0100 From: ReDeeMeR <g0tr00t@usa.net> To: <FreeBSD-security@freebsd.org> Subject: Re: [Re: Buffer overflow in /usr/games/strfile] Message-ID: <20020505232818.29316.qmail@uwdvg007.cms.usa.net>
next in thread | raw e-mail | index | archive | help
I have now constructed a patch for this program and have sent it to FreeB= SD as part of a Problem Report. Thanks for your pointers, and for the two URLs ... next time I'll learn t= o RTFM a little more closely. Thanks again, ReDeeMeR = = Colin Percival <colin.percival@wadham.ox.ac.uk> wrote: > Given that this is not a security issue -- as you point out, "no ext= ra = > privileges can be gained" -- this is rather off-topic for -security; = > nevertheless, it is less so than discussions of mailing list sender = > restrictions, so I'll go ahead and respond. > If you look at = > http://www.freebsd.org/cgi/cvsweb.cgi/src/games/fortune/strfile/strfile= =2Ec = > you'll see the CVS log for the file in question. At present it shows t= hat = > the latest change was made six weeks ago; your change has not been = > incorporated. > This isn't really surprising, since FreeBSD is run by volunteers, an= d = > unless they are either provided with a patch or convinced that an issue= is = > vitally important, nothing is likely to happen. You've described a = > problem, worked out how to fix it, described how to fix it... but you = > haven't completed the final two steps: Generating a patch, and submitti= ng = > it as part of a Problem Report. > So, here's what you should do: > 1. Generate a patch for src/games/fortune/strfile/strfile.c. This mean= s = > running `diff -c` on the original file and your fixed version. > 2. Use send-pr to generate a problem report. Make sure the synopsis fi= eld = > starts with [PATCH], and run send-pr with the -a option to include your= = > patch file. > 3. Wait until a committer notices your pr and incorporates your patch. > = > I'd also suggest that you read = > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/artic= le.html > and = > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/contrib-= how.html > = > Colin Percival > = To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020505232818.29316.qmail>