Date: Wed, 2 Aug 2000 09:22:44 +0100
From: Nik Clayton <nik@freebsd.org>
To: Brian Fundakowski Feldman <green@FreeBSD.org>
Cc: Kris Kennaway <kris@hub.freebsd.org>, "Chris D. Faulhaber" <jedgar@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/security/fuzz Makefile ports/security/fuzz/files md5 ports/security/fuzz/patches patch-aa ports/security/fuzz/pkg COMMENT DESCR PLIST
Message-ID: <20000802092244.A67002@catkin.nothing-going-on.org>
In-Reply-To: <Pine.BSF.4.21.0008012237580.98183-100000@green.dyndns.org>; from green@FreeBSD.org on Tue, Aug 01, 2000 at 10:41:12PM -0400
References: <Pine.BSF.4.21.0008011856110.95122-100000@hub.freebsd.org> <Pine.BSF.4.21.0008012237580.98183-100000@green.dyndns.org>

On Tue, Aug 01, 2000 at 10:41:12PM -0400, Brian Fundakowski Feldman wrote:
> I'm gonna see what bugs I can find with fuzz in the non-gnu stuff, of
> course starting with your suggestions, and I'll post any specifics to
> -audit. I encourage anyone else who's looking for some useful things
> to do to join -audit, too!

Theo posted the following list to Bugtraq. Presumably you can snarf the
fixes from their tree:

<theo>
nc (netcat)
    - lack of buffer termination in code where it fakes argument
      parsing from stdin, causing strchr to run off the end
    - fixed
mg
    - did not like stdin being redirected, and crashed in terminal
      initialization
    - fixed
ctags
    - about 18 buffer overflows in token parsing
    - fixed
lex
    - looks like 2 buffer overflows based on strcpy in parsing routines.
    - looks difficult to fix: not yet fixed.
as
    - indexing into an array using signed char's: fixed
    - other bugs exist which trigger some assert()s, but since we are
      moving to a new version soon, we'll skip fixing those for now.
makeinfo
    - part of texinfo. buffer overflow. still being looked at.
sort
    - infinite loop when fed a single (and long) non-NL terminated line
    - not fixed yet
indent
    - infinite loop if it encountered EOF while waiting for a '}'
      nesting terminator
    - fixed
rdist
    - leaves /tmp files created using mkstemp() around
    - still trying to fix this
    - note that our rdist has not been setuid or setgid for roughly
      half of eternity
cvsbug
    - leaves /tmp files lying around when terminating due to no action
      possible
    - fixed
sendbug
    - leaves /tmp files lying around when terminating due to no action
      possible
    - fixed
</theo>

N
-- 
Internet connection, $19.95 a month. Computer, $799.95. Modem, $149.95.
Telephone line, $24.95 a month. Software, free. USENET transmission,
hundreds if not thousands of dollars. Thinking before posting, priceless.
Some things in life you can't buy. For everything else, there's MasterCard.
    -- Graham Reed, in the Scary Devil Monastery
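
The "indexing into an array using signed char's" entry in the list above is the bug class that random high-bit input from fuzz tends to expose. The following is an added example, not code from the message or from the tree it refers to; the table, function names and sample bytes are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical 256-entry character-class table of the kind a lexer uses. */
enum { CLS_OTHER = 0, CLS_IDENT = 1 };
static unsigned char cls[256];

static void init_table(void) {
    memset(cls, CLS_OTHER, sizeof cls);
    for (int c = 'a'; c <= 'z'; c++) cls[c] = CLS_IDENT;
    for (int c = 'A'; c <= 'Z'; c++) cls[c] = CLS_IDENT;
    cls['_'] = CLS_IDENT;
}

/* Buggy pattern: the index comes from a signed char, so bytes >= 0x80
 * become negative. The index is returned rather than dereferenced so
 * that this example itself stays well defined. */
static int index_from_signed(signed char c) { return c; }

/* Fixed pattern: convert through unsigned char so the index is 0..255. */
static int index_from_unsigned(char c) { return (unsigned char)c; }

/* Length of the leading identifier in buf[0..len), safe for any byte. */
static size_t ident_len(const char *buf, size_t len) {
    size_t i = 0;
    while (i < len && cls[index_from_unsigned(buf[i])] == CLS_IDENT)
        i++;
    return i;
}

/* Constructed input: "ab" followed by two high-bit bytes. */
static const char sample[] = { 'a', 'b', (char)0xE9, (char)0xFF };

int main(void) {
    init_table();
    return ident_len(sample, sizeof sample) == 2 ? 0 : 1;
}
```

With the signed index, byte 0xE9 would address an element before the start of the table; the unsigned conversion keeps every lookup inside it.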