Date: Tue, 24 Jun 2014 17:27:46 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Royce Williams <royce@tycho.org> Cc: dt71@gmx.com, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: OB1 Message-ID: <0788DB21-6F15-46D4-A4CB-F95008D736E9@FreeBSD.org> In-Reply-To: <CA%2BE3k90ppWcvudxB4evGUfmQEYnRoodsEg54hwTZTyoRTRTdJQ@mail.gmail.com> References: <20140622135308.GF1824@pwnie.vrt.sourcefire.com> <53A8FBD7.8000900@gmx.com> <12DA5575-B773-4D28-83BB-5AD1F1C84469@FreeBSD.org> <CA%2BE3k90ppWcvudxB4evGUfmQEYnRoodsEg54hwTZTyoRTRTdJQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_0F02A87B-0942-4DF8-B267-0E5BFE3DE192 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii On 24 Jun 2014, at 16:28, Royce Williams <royce@tycho.org> wrote: > On Mon, Jun 23, 2014 at 10:49 PM, Dimitry Andric <dim@freebsd.org> wrote: >> On 24 Jun 2014, at 06:17, dt71@gmx.com wrote: >>> Speaking of backdoors... >>> >>> lib/libugidfw/ugidfw.c: >>>> if (len < 0 || len > left) >>> >>> ):< >> >> Well, it's just another off-by-one, no need for conspiracy theories. :) >> >> Btw, I'd mailed about this in 2011 already, but it really isn't very >> important. The only consumer is ugidfw, and then only to print out the >> parsed rules. > > I'm a relative C newbie. Could someone post what the fix would look like? Just replace all the "len > left" expressions with "len >= left". -Dimitry --Apple-Mail=_0F02A87B-0942-4DF8-B267-0E5BFE3DE192 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlOpmP4ACgkQsF6jCi4glqNMawCg7rUHBN/aotod/KnxMYHyVyOz WDMAoOPIgLpBcZFvPys8BgHHrYFqpCk2 =fCBd -----END PGP SIGNATURE----- --Apple-Mail=_0F02A87B-0942-4DF8-B267-0E5BFE3DE192--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0788DB21-6F15-46D4-A4CB-F95008D736E9>