Date: Wed, 28 Oct 1998 12:14:20 -0700 (MST) From: Brendan Conoboy <synk@swcp.com> To: freebsd-security@FreeBSD.ORG Subject: getpwnam() problem? Message-ID: <199810281914.MAA07942@kitsune.swcp.com>
next in thread | raw e-mail | index | archive | help
A couple weeks ago I filled out a little bug report with the GNATS form, but it's received no attention (maybe I should have marked it as critical?). Anyway, since it may well be security related, I wanted to point it out here. The condensed version is that if getpwnam() is given a very large string (say a few thousand characters) it will sigsegv or sigbus. This is true for 2.2.7-stable (as of a few weeks ago) and 3.0-release. Perhaps it's nothing, perhaps it's something, but it certainly doesn't happen on a whole slew of other OSes. The problem report is at: http://www.freebsd.org/cgi/query-pr.cgi?pr=8176 -Brendan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810281914.MAA07942>