Date: Wed, 12 Dec 2001 11:50:39 +0200
From: Peter Pentchev <roam@ringlet.net>
To: Mike Heffner <mheffner@vt.edu>
Cc: freebsd-gnats-submit@freebsd.org, Marc Olzheim <marcolz@ilse.nl>, FreeBSD-bugs <freebsd-bugs@freebsd.org>
Subject: Re: bin/19422: users can overflow argv to make ps segfault
Message-ID: <20011212115039.B934@straylight.oblivion.bg>
In-Reply-To: <XFMail.20011211231854.mheffner@vt.edu>; from mheffner@vt.edu on Tue, Dec 11, 2001 at 11:18:54PM -0500
References: <XFMail.20011211231854.mheffner@vt.edu>

On Tue, Dec 11, 2001 at 11:18:54PM -0500, Mike Heffner wrote:
>
> Well, I've looked at this a little more. I was able to reproduce it (it
> took a few times though). Unfortunately, the patch isn't as simple as the
> one in the PR. Could you please try the attached patch? There is still a
> problem though, and that is that the strlen()s can seg. fault if the
> argv[] strings aren't NULL terminated - I don't know how to fix this
> problem though :(

If argv[] is the program arguments' array, as passed to main(), then you
should not worry about it - its elements are supposed to be proper C strings,
i.e. terminated by a '\0' character, and I still have to see a platform
where they are not :)

G'luck,
Peter

--
This sentence would be seven words long if it were six words shorter.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
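
The strlen() concern in the quoted text arises whenever argument strings are read out of a byte buffer whose contents the reader does not control. The following is an added example, not part of the original message and not code from ps(1): a bounded walk over such a buffer using memchr() instead of strlen(). It assumes the strings sit back to back in a buffer of known length; split_args() and both sample blocks are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from ps(1)): split a byte buffer into argument
 * strings without ever reading past its end.
 * Returns the number of properly terminated strings stored in argv_out, or
 * -1 if the data ends in the middle of a string (no '\0' before buf + len).
 */
static int split_args(const char *buf, size_t len,
                      const char **argv_out, size_t max_args)
{
    const char *p = buf;
    const char *end = buf + len;
    size_t n = 0;

    while (p < end && n < max_args) {
        /* memchr() is bounded by the bytes that remain; strlen() is not. */
        const char *nul = memchr(p, '\0', (size_t)(end - p));
        if (nul == NULL)
            return -1;      /* unterminated tail: reject, do not scan on */
        argv_out[n++] = p;
        p = nul + 1;
    }
    return (int)n;
}

/* Constructed sample data: a well-formed block, and one whose last string
 * has had its terminator overwritten. */
static const char good_block[] = { 'p', 's', '\0', '-', 'a', 'x', '\0' };
static const char bad_block[]  = { 'p', 's', '\0', '-', 'a', 'x', '!' };

int main(void)
{
    const char *args[8];
    int n = split_args(good_block, sizeof good_block, args, 8);

    printf("good block: %d args\n", n);
    for (int i = 0; i < n; i++)
        printf("  [%d] %s\n", i, args[i]);
    printf("bad block: %d\n",
           split_args(bad_block, sizeof bad_block, args, 8));
    return 0;
}
```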