Date:      Sun, 05 May 2002 23:27:49 +0100
From:      Colin Percival <colin.percival@wadham.ox.ac.uk>
To:        ReDeeMeR <g0tr00t@usa.net>, <FreeBSD-security@FreeBSD.ORG>
Subject:   Re: Buffer overflow in /usr/games/strfile
Message-ID:  <5.0.2.1.1.20020505224651.00afbd78@popserver.sfu.ca>
In-Reply-To: <20020505213314.8762.qmail@uwdvg007.cms.usa.net>

   Given that this is not a security issue -- as you point out, "no extra 
privileges can be gained" -- this is rather off-topic for -security; 
nevertheless, it is less so than discussions of mailing list sender 
restrictions, so I'll go ahead and respond.
   If you look at 
http://www.freebsd.org/cgi/cvsweb.cgi/src/games/fortune/strfile/strfile.c 
you'll see the CVS log for the file in question.  At present it shows that 
the latest change was made six weeks ago; your change has not been 
incorporated.
   This isn't really surprising, since FreeBSD is run by volunteers, and 
unless they are either provided with a patch or convinced that an issue is 
vitally important, nothing is likely to happen.  You've described a 
problem, worked out how to fix it, described how to fix it... but you 
haven't completed the final two steps: Generating a patch, and submitting 
it as part of a Problem Report.
   So, here's what you should do:
1. Generate a patch for src/games/fortune/strfile/strfile.c.  This means 
running `diff -c` on the original file and your fixed version.
2. Use send-pr to generate a problem report.  Make sure the synopsis field 
starts with [PATCH], and run send-pr with the -a option to include your 
patch file.
3. Wait until a committer notices your pr and incorporates your patch.

   I'd also suggest that you read 
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/article.html 
and 
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributing/contrib-how.html

Colin Percival

