Bugtraq mailing list archives
libX11/libXt buffer overflows and R6.3 fix-02
From: qralston+ () PITT EDU (James Crawford Ralston)
Date: Thu, 24 Jul 1997 13:44:35 -0400
Has anyone [else] taken a good, hard look at XC's fix-02 to see if it fixes the buffer overflows which were found? In particular, I compared fix-02 against the patch Alex Belits posted to the list on May 29. I *think* the XC caught all of the buffer overflows in some way or another, but as far as I can tell, they didn't take care of the "NULL pointer + small offset dereference which caused most of programs to dump core on startup if opening display failed" (Alex's words). At any rate, I'm building R6.3 public-patch-2 now; when I get the build installed somewhere, I'll see if I can break it. Alex's message (including the patch) is easily located in the BUGTRAQ archive at <URL:http://www.netspace.org/lsv-archive/bugtraq.html>, so I won't include it here. -- James Crawford Ralston \ qralston+ () pitt edu \ Systems and Networks [CIS] University of Pittsburgh \ 600 Epsilon Drive \ Pittsburgh PA 15238-2887 "Computer, you and I need to have a little talk." - O'Brien, ST:DS9
Current thread:
- libX11/libXt buffer overflows and R6.3 fix-02 James Crawford Ralston (Jul 24)