Op 5 nov. 2011 om 00:46 heeft Ted Unangst <t...@tedunangst.com> het volgende geschreven:
> On Fri, Nov 04, 2011, Johan Ryberg wrote: >> Hi >> >> Just read this: http://securityreason.com/achievement_securityalert/102 >> >> Claiming that OpenBSD 5.0 is affected >> >> Is it? > > "Red Hat does not consider crash of client application, using regcomp() > or regexec() routines on untrusted input without preliminary checking > the input for the sanity, to be a security issue." > > I am, to some extent, inclined to agree. glob() has similar problems > which have been fixed because it's frequently used with naughty inputs. > regcomp() is different, I think. libc is really not the right layer to > be doing input validation. > > This is a bug in proftpd more than anything else IMO. Yes, although there definitely could be made some improvements to the way out of memory conditions are handled. The use of assert here is ugly. There are also some expressions that could overflow. I need to find some time to dig into these. -Otto
