OB1
Dimitry Andric
dim at FreeBSD.org
Tue Jun 24 15:28:17 UTC 2014
On 24 Jun 2014, at 16:28, Royce Williams <royce at tycho.org> wrote:
> On Mon, Jun 23, 2014 at 10:49 PM, Dimitry Andric <dim at freebsd.org> wrote:
>> On 24 Jun 2014, at 06:17, dt71 at gmx.com wrote:
>>> Speaking of backdoors...
>>>
>>> lib/libugidfw/ugidfw.c:
>>>> if (len < 0 || len > left)
>>>
>>> ):<
>>
>> Well, it's just another off-by-one, no need for conspiracy theories. :)
>>
>> Btw, I'd mailed about this in 2011 already, but it really isn't very
>> important. The only consumer is ugidfw, and then only to print out the
>> parsed rules.
>
> I'm a relative C newbie. Could someone post what the fix would look like?
Just replace all the "len > left" expressions with "len >= left".
-Dimitry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20140624/4a474d2b/attachment.sig>
More information about the freebsd-hackers
mailing list