Date:      Tue, 24 Jun 2014 06:28:08 -0800
From:      Royce Williams <royce@tycho.org>
To:        Dimitry Andric <dim@freebsd.org>
Cc:        dt71@gmx.com, FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: OB1
Message-ID:  <CA%2BE3k90ppWcvudxB4evGUfmQEYnRoodsEg54hwTZTyoRTRTdJQ@mail.gmail.com>
In-Reply-To: <12DA5575-B773-4D28-83BB-5AD1F1C84469@FreeBSD.org>
References:  <20140622135308.GF1824@pwnie.vrt.sourcefire.com> <53A8FBD7.8000900@gmx.com> <12DA5575-B773-4D28-83BB-5AD1F1C84469@FreeBSD.org>

On Mon, Jun 23, 2014 at 10:49 PM, Dimitry Andric <dim@freebsd.org> wrote:
> On 24 Jun 2014, at 06:17, dt71@gmx.com wrote:
>> Speaking of backdoors...
>>
>> lib/libugidfw/ugidfw.c:
>>> if (len < 0 || len > left)
>>
>> ):<
>
> Well, it's just another off-by-one, no need for conspiracy theories. :)
>
> Btw, I'd mailed about this in 2011 already, but it really isn't very
> important.  The only consumer is ugidfw, and then only to print out the
> parsed rules.

I'm a relative C newbie.  Could someone post what the fix would look like?

Royce
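
Added example, not part of the original message and not FreeBSD's code: a sketch of the kind of change the question asks about, assuming `len` is the return value of `snprintf` and `left` is the space remaining in the output buffer (the quoted line does not show this). The helper names `append` and `render` and the 8-byte buffer are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the rule-to-string buffer: 8 bytes, so the
 * sample text "subject " (8 characters) needs 9 bytes with its NUL. */
static char buf[8];

/* Hypothetical helper: format `s` into the `left` bytes at `cur`.
 * strict == 0 uses the check quoted in the thread (len > left),
 * strict == 1 uses len >= left.
 * Returns 0 if the check accepts the result, -1 if it rejects it. */
static int append(char *cur, size_t left, const char *s, int strict)
{
    /* snprintf returns the length the full output needs, not counting
     * the terminating NUL, and stores at most left - 1 characters. */
    int len = snprintf(cur, left, "%s", s);

    if (len < 0)
        return -1;
    /* len == left means the last character was dropped to make room
     * for the NUL; only the >= form reports that as truncation. */
    if (strict ? (size_t)len >= left : (size_t)len > left)
        return -1;
    return 0;
}

/* Returns append()'s verdict for output that is exactly one byte too long. */
static int render(int strict)
{
    memset(buf, 0, sizeof(buf));
    return append(buf, sizeof(buf), "subject ", strict);
}

int main(void)
{
    printf("len >  left: %d, buffer holds \"%s\"\n", render(0), buf);
    printf("len >= left: %d\n", render(1));
    return 0;
}
```

With the `>` comparison the call is accepted even though the buffer holds only `subject` without its trailing space; with `>=` the same call is reported as truncated.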


