From owner-freebsd-security Wed Oct 28 11:15:02 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA02215 for freebsd-security-outgoing; Wed, 28 Oct 1998 11:15:02 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from kitsune.swcp.com (swcp.com [198.59.115.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA02202 for ; Wed, 28 Oct 1998 11:14:59 -0800 (PST) (envelope-from synk@swcp.com)
Received: (from synk@localhost) by kitsune.swcp.com (8.8.8/1.2.3) id MAA07942 for freebsd-security@freebsd.org; Wed, 28 Oct 1998 12:14:20 -0700 (MST)
Date: Wed, 28 Oct 1998 12:14:20 -0700 (MST)
From: Brendan Conoboy
Message-Id: <199810281914.MAA07942@kitsune.swcp.com>
To: freebsd-security@FreeBSD.ORG
Subject: getpwnam() problem?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

A couple weeks ago I filled out a little bug report with the GNATS form, but it's received no attention (maybe I should have marked it as critical?). Anyway, since it may well be security related, I wanted to point it out here.

The condensed version is that if getpwnam() is given a very large string (say a few thousand characters) it will sigsegv or sigbus. This is true for 2.2.7-stable (as of a few weeks ago) and 3.0-release. Perhaps it's nothing, perhaps it's something, but it certainly doesn't happen on a whole slew of other OSes.

The problem report is at: http://www.freebsd.org/cgi/query-pr.cgi?pr=8176

-Brendan
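[Added example, not part of the original message or of FreeBSD's code: a caller-side guard that keeps an oversized or unterminated name, as described in the report above, from ever reaching getpwnam(). The names check_login_name, safe_getpwnam, check_oversized and FALLBACK_NAME_MAX are hypothetical, and the code assumes a POSIX system that provides sysconf(_SC_LOGIN_NAME_MAX).]

```c
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define FALLBACK_NAME_MAX 256   /* assumed bound if the system reports none */

/* Longest login name accepted, excluding the terminating NUL. */
size_t name_limit(void)
{
    long n = sysconf(_SC_LOGIN_NAME_MAX);   /* reported value counts the NUL */
    return (n > 1) ? (size_t)n - 1 : FALLBACK_NAME_MAX;
}

/* Returns 0 if name (held in a buffer of cap bytes) is safe to look up,
 * else EINVAL (NULL or empty) or ENAMETOOLONG (too long or unterminated). */
int check_login_name(const char *name, size_t cap)
{
    if (name == NULL || cap == 0 || name[0] == '\0')
        return EINVAL;
    size_t limit = name_limit();
    size_t scan = (cap < limit + 1) ? cap : limit + 1;
    /* Bounded scan: never reads past cap or past limit + 1 bytes. */
    if (memchr(name, '\0', scan) == NULL)
        return ENAMETOOLONG;
    return 0;
}

/* Hypothetical wrapper: getpwnam() is reached only with a validated name. */
struct passwd *safe_getpwnam(const char *name, size_t cap)
{
    int rc = check_login_name(name, cap);
    if (rc != 0) { errno = rc; return NULL; }
    return getpwnam(name);
}

/* Constructed input: n copies of 'A', like the oversized string in the report. */
int check_oversized(size_t n)
{
    char *buf = malloc(n + 1);
    if (buf == NULL) return -1;
    memset(buf, 'A', n);
    buf[n] = '\0';
    int rc = check_login_name(buf, n + 1);
    free(buf);
    return rc;
}
```

Programs that take the user name from untrusted input (network daemons, setuid tools) are the ones where this check matters; it bounds the input on the caller's side and does not replace a fix in the library.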