URL:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=15300>
Summary: not paranoid enough about device name
Project: The GNU Hurd
Submitted by: sthibaul
Submitted on: lun 26.12.2005 à 23:48
Category: GNU Mach
Severity: 3 - Normal
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Reproducibility: None
Size (loc): None
Effort: 0.00
_______________________________________________________
Details:
>From http://bugs.debian.org/113732
From: Marcus Brinkmann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: not paranoid enough about device name
Date: Fri, 28 Sep 2001 02:09:08 +0200
Package: gnumach
gnumach device_open is not paranoid enough about the device name. I haven't
tried it, but I think that having 128 non-digits with no trailing zero will
make gnumach run past the buffer in dev_name_lookup.
Maybe not worth fixing for gnumach (esp as opening a device requires the
device master port anyway). But it reminds me of the broader issue of the
necessity to audit the code, esp at the borders caused by user supplied
data.
Thanks,
Marcus
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=15300>
_______________________________________________
Message posté via/par Savannah
http://savannah.gnu.org/
_______________________________________________
Bug-hurd mailing list
Bug-hurd@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-hurd
