Re: OB1

看板FB_hackers作者dim.時間11年前 (2014/06/25 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串4/4 (看更多)

--Apple-Mail=_0F02A87B-0942-4DF8-B267-0E5BFE3DE192 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii On 24 Jun 2014, at 16:28, Royce Williams <royce@tycho.org> wrote: > On Mon, Jun 23, 2014 at 10:49 PM, Dimitry Andric <dim@freebsd.org> wrote: >> On 24 Jun 2014, at 06:17, dt71@gmx.com wrote: >>> Speaking of backdoors... >>> >>> lib/libugidfw/ugidfw.c: >>>> if (len < 0 || len > left) >>> >>> ):< >> >> Well, it's just another off-by-one, no need for conspiracy theories. :) >> >> Btw, I'd mailed about this in 2011 already, but it really isn't very >> important. The only consumer is ugidfw, and then only to print out the >> parsed rules. > > I'm a relative C newbie. Could someone post what the fix would look like? Just replace all the "len > left" expressions with "len >= left". -Dimitry --Apple-Mail=_0F02A87B-0942-4DF8-B267-0E5BFE3DE192 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) iEYEARECAAYFAlOpmP4ACgkQsF6jCi4glqNMawCg7rUHBN/aotod/KnxMYHyVyOz WDMAoOPIgLpBcZFvPys8BgHHrYFqpCk2 =fCBd -----END PGP SIGNATURE----- --Apple-Mail=_0F02A87B-0942-4DF8-B267-0E5BFE3DE192--

‣ 返回看板[ FB_hackers ] BSD

‣ 更多 dim. 的文章

文章代碼(AID): #1JgRpVPv (FB_hackers)