From owner-cvs-lib Mon Dec 16 10:23:58 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4)
    id KAA22682 for cvs-lib-outgoing; Mon, 16 Dec 1996 10:23:58 -0800 (PST)
Received: from sovcom.kiae.su (sovcom.kiae.su [193.125.152.1])
    by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id KAA22648;
    Mon, 16 Dec 1996 10:22:48 -0800 (PST)
Received: by sovcom.kiae.su id AA24017 (5.65.kiae-1 );
    Mon, 16 Dec 1996 21:17:16 +0300
Received: by sovcom.KIAE.su (UUMAIL/2.0); Mon, 16 Dec 96 21:17:16 +0300
Received: from localhost (nagual.ru [127.0.0.1]) by nagual.ru (8.8.4/8.8.4)
    with SMTP id VAA00927; Mon, 16 Dec 1996 21:16:40 +0300 (MSK)
Date: Mon, 16 Dec 1996 21:16:39 +0300 (MSK)
From: Андрей Чернов, Andrey Chernov
To: Joerg Wunsch
Cc: CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org,
    cvs-lib@freefall.freebsd.org
Subject: Re: cvs commit: src/lib/libc/locale collate.c setrunelocale.c
In-Reply-To: <199612161733.JAA19458@freefall.freebsd.org>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-lib@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 16 Dec 1996, Joerg Wunsch wrote:

> joerg 96/12/16 09:33:00
>
> Modified: lib/libc/locale collate.c setrunelocale.c
> Log:
> Fix yet another buffer overflow. :-(
>
> Vulnerable: all programs that use setlocale(LC_COLLATE),
> setlocale(LC_CTYPE), or setlocale(LC_ALL). The only setuid/setgid
> binary I've found for this is w(1).
>

Please, back it out, you fix _nothing_, just add snprintf bloat!
Buffer range checking is already done at an earlier stage.

--
Andrey A. Chernov
http://www.nagual.ru/~ache/
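
The two approaches named in this exchange, a range check at an earlier stage and bounded formatting with snprintf where the path is built, shown side by side as an added example. This is not the FreeBSD code from collate.c or setrunelocale.c; the function names, buffer size, length limit and sample inputs are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64   /* constructed size, kept small for the demonstration */
#define ENC_MAX  31   /* hypothetical limit applied by the early check */

/* Early stage: validate the locale name before any path is built. */
int locale_name_ok(const char *enc)
{
    return enc != NULL && enc[0] != '\0' &&
           strlen(enc) <= ENC_MAX && strchr(enc, '/') == NULL;
}

/* Point of use: bounded formatting. Returns 0 on success, -1 if the
 * result did not fit; buf is NUL-terminated either way (len > 0). */
int build_locale_path(char *buf, size_t len, const char *dir,
                      const char *enc, const char *file)
{
    int n = snprintf(buf, len, "%s/%s/%s", dir, enc, file);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char buf[PATH_BUF], longdir[61];
    const char *enc = "ru_RU.KOI8-R";      /* constructed sample input */

    memset(longdir, 'A', sizeof longdir - 1);
    longdir[sizeof longdir - 1] = '\0';

    /* Name passes the early check and the path fits. */
    if (locale_name_ok(enc) &&
        build_locale_path(buf, sizeof buf, "/usr/share/locale", enc, "LC_COLLATE") == 0)
        printf("ok: %s\n", buf);

    /* Same valid name, but an over-long directory: only the bounded
     * formatting notices, because the early check never saw this input. */
    if (locale_name_ok(enc) &&
        build_locale_path(buf, sizeof buf, longdir, enc, "LC_COLLATE") != 0)
        printf("rejected at point of use (truncated to %zu bytes)\n", strlen(buf));
    return 0;
}
```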