Date: Thu, 29 Sep 2016 04:33:57 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Ed Maste <emaste@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r305486 - head/usr.bin/bsdiff/bspatch
Message-ID: <20160929083357.GC45358@mutt-hardenedbsd>
In-Reply-To: <201609061900.u86J0bd4076628@repo.freebsd.org>
References: <201609061900.u86J0bd4076628@repo.freebsd.org>

On Tue, Sep 06, 2016 at 07:00:37PM +0000, Ed Maste wrote:
> Author: emaste
> Date: Tue Sep 6 19:00:37 2016
> New Revision: 305486
> URL: https://svnweb.freebsd.org/changeset/base/305486
>
> Log:
>   bspatch: add sanity checks on sizes to avoid integer overflow
>
>   Note that this introduces an explicit 2GB limit, but this was already
>   implicit in variable and function argument types.
>
>   This is based on the "non-cryptanalytic attacks against freebsd
>   update components" anonymous gist. Further refinement is planned.
>
>   Reviewed by: allanjude, cem, kib
>   Obtained from: anonymous gist
>   MFC after: 3 days
>   Sponsored by: The FreeBSD Foundation
>   Differential Revision: https://reviews.freebsd.org/D7619

Hey Ed,

Any plans to release a security announcement?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE