gnu/45168: Buffer overflow in /usr/bin/dialog
Nate Eldredge
nge at cs.hmc.edu
Thu Oct 13 14:30:28 PDT 2005
The following reply was made to PR gnu/45168; it has been noted by GNATS.
From: Nate Eldredge <nge at cs.hmc.edu>
To: bug-followup at FreeBSD.org, saturnero at freesbie.org
Cc: daveb at optusnet.com.au, freebsd-current at cs.hmc.edu
Subject: Re: gnu/45168: Buffer overflow in /usr/bin/dialog
Date: Thu, 13 Oct 2005 14:29:43 -0700 (PDT)
libdialog appears to be brimming with bugs of this sort. Lots of uses of
strcpy / strcat. It probably needs a complete audit. Ideally there
should be no MAX_LEN and everything dynamically allocated. I hope to god
it is never run by anything with elevated privileges.
--
Nate Eldredge
nge at cs.hmc.edu
More information about the freebsd-bugs
mailing list