Date: Mon, 3 Feb 1997 04:08:55 -0500 (EST)
From: spork <spork@super-g.com>
To: Dan Cross <tenser@spitfire.ecsel.psu.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: Critical Security Problem in 4.4BSD crt0
Message-ID: <Pine.BSF.3.95.970203040747.18920A-100000@super-g.inch.com>
In-Reply-To: <19970203074835.13187.qmail@spitfire.ecsel.psu.edu>
What would happen if the "safe" 2.2 library were used under 2.1.6? It certainly compiles OK... Or am I smoking crack here? Charles On Mon, 3 Feb 1997, Dan Cross wrote: > > Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1? Since the > > libraries are similar, my guess without comparing code is that the bug > > is there. > > yes, the bug does indeed appear in 2.1.6, at least. Here's an untested > patch which SHOULD fix the problem, though: > > ----- Begin startup_setlocale.diff > *** startup_setlocale.c 1997/02/03 07:40:46 1.1 > --- startup_setlocale.c 1997/02/03 07:41:47 > *************** > *** 174,183 **** > return(0); > } > > ! (void) strcpy(name, PathLocale); > ! (void) strcat(name, "/"); > ! (void) strcat(name, encoding); > ! (void) strcat(name, "/LC_CTYPE"); > > if ((fp = fopen(name, "r")) == NULL) > return(ENOENT); > --- 174,181 ---- > return(0); > } > > ! (void) snprintf(name, > ! PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding); > > if ((fp = fopen(name, "r")) == NULL) > return(ENOENT); > ----- End of startup_setlocale.diff > > Note that there might be more problems, but I haven't got the time > to test for them right now. :-( > > - Dan C. >
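Review bot: the replacement snprintf call discards its return value with (void), so an over-long PathLocale or encoding is silently truncated and the following fopen(name, "r") is attempted on a cut-off path. Compare the return value against the buffer size and return an error when it is greater than or equal to that size, rather than falling through to the open. The declaration of name is not visible in this hunk, so the PATH_MAX bound cannot be confirmed from these lines; if name is a local array, passing sizeof(name) ties the limit to the actual buffer. The patch is also described as untested, so the over-long-input case should be exercised before it is applied.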