Bugtraq mailing list archives

Re: Fwd: Any user can panic OpenBSD machine


From: imp () VILLAGE ORG (Warner Losh)
Date: Mon, 27 Jul 1998 15:38:24 -0600


In message <199807271932.NAA05034 () xerxes courtesan com> "Todd
C. Miller" writes:
: That's not correct behavior either.  iov_len is unsigned so making it
: -1 (which is the unsigned value 4294967295) should not be an error.

It should at least return EFAULT, which is documented for things that
fall outside of the process's address space.

However, on FreeBSD the man page states:
     [EINVAL]      One of the iov_len values in the iov array was
                   negative.
     [EINVAL]      The sum of the iov_len values in the iov array
                   overflowed a 32-bit integer.

Even though the values are declared u_int, they seem to be used in the
code as signed numbers (maybe that's a problem), so returning EINVAL for
a number, cast to signed, that is negative seems appropriate.

Warner
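
Added example, not part of the original message and not taken from any BSD kernel source: the two EINVAL conditions quoted from the FreeBSD man page, written out in C as an up-front validation pass over the iovec array. The names iov32 and iov_check are hypothetical, and the struct is a constructed stand-in that keeps iov_len at 32 bits as discussed in the thread.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the iovec discussed in the thread, where iov_len is a
 * 32-bit unsigned value. Constructed for this example. */
struct iov32 {
    void    *iov_base;
    uint32_t iov_len;
};

/* Returns EINVAL if any iov_len is negative when viewed as a signed
 * 32-bit value, or if the sum of the lengths overflows a signed 32-bit
 * integer. On success returns 0 and stores the sum in *total. */
int iov_check(const struct iov32 *iov, int iovcnt, int32_t *total)
{
    int32_t sum = 0;

    for (int i = 0; i < iovcnt; i++) {
        /* High bit set means "negative" once cast to signed. Compare in
         * unsigned space so no implementation-defined cast is needed. */
        if (iov[i].iov_len > (uint32_t)INT32_MAX)
            return EINVAL;
        int32_t len = (int32_t)iov[i].iov_len;
        /* Test before adding: signed overflow is undefined in C. */
        if (len > INT32_MAX - sum)
            return EINVAL;
        sum += len;
    }
    *total = sum;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the iov_len of -1 from the thread, and two
     * lengths that are each valid but overflow when summed. */
    struct iov32 neg[] = { { NULL, (uint32_t)-1 } };
    struct iov32 big[] = { { NULL, 0x7fffffffu }, { NULL, 1u } };
    int32_t total = 0;

    printf("iov_len=-1: %d, sum overflow: %d (EINVAL=%d)\n",
           iov_check(neg, 1, &total), iov_check(big, 2, &total), EINVAL);
    return 0;
}
```

Because both checks run before any length is used for copying, a huge unsigned length never reaches code that treats it as signed.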


