Date: Sun, 02 Mar 2008 01:48:17 +0100 From: Dan Lukes <dan@obluda.cz> To: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Cc: freebsd-security@freebsd.org, sipherr@gmail.com Subject: Re: *BSD user-ppp local root (when conditions permit) Message-ID: <47C9F951.3090408@obluda.cz> In-Reply-To: <eJwztaR4hgj0LBOZtN1f3kC2qd8@49l6neKHPg6j4SHeejH198Klzys> References: <20080229163903.3680.qmail@securityfocus.com> <eJwztaR4hgj0LBOZtN1f3kC2qd8@49l6neKHPg6j4SHeejH198Klzys>
next in thread | previous in thread | raw e-mail | index | archive | help
Eygene Ryabinkin napsal/wrote, On 03/02/08 00:06: >> 1. Run ppp >> 2. type the following (or atleat some variation of) ... > Yes, good catch: looks like stack-based buffer overflow > Could you please test the following rough patch It seems you are going to cut of part of line silently. IMHO - the line shall be rejected as invalid at all or warning needs to be issued at least ... Someone may create so long line (unintentionally), it will not work for him with no hint why - it's not so polite ... Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47C9F951.3090408>