Date: Mon, 03 Feb 1997 02:48:34 -0500
From: Dan Cross <tenser@spitfire.ecsel.psu.edu>
To: Security Administrator <sadmin@roundtable.cif.rochester.edu>
Cc: freebsd-security@freebsd.org, bugtraq@netspace.org
Subject: Re: Critical Security Problem in 4.4BSD crt0
Message-ID: <19970203074835.13187.qmail@spitfire.ecsel.psu.edu>
In-Reply-To: Your message of "Mon, 03 Feb 1997 02:06:55 EST." <199702030706.CAA07764@roundtable.cif.rochester.edu>
> Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1? Since the > libraries are similar, my guess without comparing code is that the bug > is there. yes, the bug does indeed appear in 2.1.6, at least. Here's an untested patch which SHOULD fix the problem, though: ----- Begin startup_setlocale.diff *** startup_setlocale.c 1997/02/03 07:40:46 1.1 --- startup_setlocale.c 1997/02/03 07:41:47 *************** *** 174,183 **** return(0); } ! (void) strcpy(name, PathLocale); ! (void) strcat(name, "/"); ! (void) strcat(name, encoding); ! (void) strcat(name, "/LC_CTYPE"); if ((fp = fopen(name, "r")) == NULL) return(ENOENT); --- 174,181 ---- return(0); } ! (void) snprintf(name, ! PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding); if ((fp = fopen(name, "r")) == NULL) return(ENOENT); ----- End of startup_setlocale.diff Note that there might be more problems, but I haven't got the time to test for them right now. :-( - Dan C.
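Review bot: the snprintf call in the replacement lines has its return value cast to void, so when PathLocale and encoding together exceed the limit the path is silently truncated and the truncated name is then passed to fopen. Compare the return value against the buffer size and return an error (for example ENAMETOOLONG) before reaching fopen, rather than opening whatever prefix happened to fit. The bound is also written as the constant PATH_MAX while the declaration of name lies outside the hunk; if name is an array, sizeof(name) would keep the limit tied to the actual buffer should its declaration ever change.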