Date: Thu, 29 Oct 1998 11:13:15 -0800 (PST) From: Archie Cobbs <archie@whistle.com> To: synk@swcp.com (Brendan Conoboy) Cc: freebsd-security@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG Subject: Re: getpwnam() problem? Message-ID: <199810291913.LAA26982@bubba.whistle.com> In-Reply-To: <199810281914.MAA07942@kitsune.swcp.com> from Brendan Conoboy at "Oct 28, 98 12:14:20 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Brendan Conoboy writes: > A couple weeks ago I filled out a little bug report with the GNATS > form, but it's received no attention (maybe I should have marked it as > critical?). Anyway, since it may well be security related, I wanted to > point it out here. The condensed version is that if getpwnam() is > given a very large string (say a few thousand characters) it will > sigsegv or sigbus. This is true for 2.2.7-stable (as of a few weeks > ago) and 3.0-release. Perhaps it's nothing, perhaps it's something, > but it certainly doesn't happen on a whole slew of other OSes. The > problem report is at: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=8176 I've located the bug and supplied a patch in a followup... Very simple bug, someone please commit in 2.2 and 3.0. Thanks, -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199810291913.LAA26982>