On Mon, Mar 03, 2003 at 07:45:03PM -0500, Branden Robinson wrote: > On Mon, Mar 03, 2003 at 04:19:48PM -0500, Benjamin A.Okopnik wrote: > > I was just trying to demonstrate something that used to be an old security > > hole, the "MANPATH" overflow on "xman" - and it segfaulted out on me. A > > little testing shows the boundary: > > > > [EMAIL PROTECTED]:~$ perl -we'$a = "a" x 8192; `MANPATH=$a xman`' > > Xman Error: No manual pages found. > > [EMAIL PROTECTED]:~$ perl -we'$a = "a" x 8193; `MANPATH=$a xman`' > > Segmentation fault > > > > I guess it somehow got "unfixed"... > > FYI, I cannot reproduce this problem on PowerPC: > > [0] [EMAIL PROTECTED]:~ % perl -we'$a = "a" x 8192; `MANPATH=$a xman`' > Xman Error: No manual pages found. > [0] [EMAIL PROTECTED]:~ % perl -we'$a = "a" x 8193; `MANPATH=$a xman`' > Xman Error: No manual pages found. > [0] [EMAIL PROTECTED]:~ % perl -we'$a = "a" x 8194; `MANPATH=$a xman`' > [0] [EMAIL PROTECTED]:~ % uname -a > Linux redwald 2.4.19-powerpc #1 Mon Sep 9 09:01:43 EDT 2002 ppc unknown > unknown GNU/Linux
I can't reproduce it with the recipe above, but that's just because nothing is printing the error message: it does still segfault. Try this instead, which reproduces it here on i386 with xbase-clients 4.2.1-5: [EMAIL PROTECTED] ~]$ MANPATH=`perl -we'print "a" x 8192'` xman Xman Error: No manual pages found. [EMAIL PROTECTED] ~]$ MANPATH=`perl -we'print "a" x 8193'` xman Segmentation fault -- Colin Watson [EMAIL PROTECTED]
