Date: Mon, 2 Dec 2002 13:58:09 +0200
From: Peter Pentchev <roam@ringlet.net>
To: hackers@FreeBSD.org
Cc: audit@FreeBSD.org
Subject: [CFR] diskpart(1) buffer overflow fix
Message-ID: <20021202115809.GD372@straylight.oblivion.bg>

Hi,

As noted on the vuln-dev list recently, the diskpart(1) program in -stable is susceptible to a buffer overflow in the parsing of command-line arguments. This is a low-risk problem, since diskpart(1) is not - and has never been, and has no reason to ever be - a privileged program, but still, there should be no harm in fixing it :)

Attached are two patches: a trivial one which just fixes up two problems in diskpart's argument parsing, and a more complex one, which does it "the right way" IMHO, using getopt(3).

Comments?

G'luck,
Peter

--
Peter Pentchev	roam@ringlet.net	roam@FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
.siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI