Bugtraq mailing list archives
Re: Fwd: Any user can panic OpenBSD machine
From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Mon, 27 Jul 1998 14:59:55 -0600
In message <xzphg0357ze.fsf () hrotti ifi uio no>
so spake (dag-erli):
/sys/kern/sys_generic.c:
if (uap->iovcnt > UIO_MAXIOV)
return (EINVAL);
/sys/sys/uio.h:
#define UIO_MAXIOV 1024 /* max 1K of iov's */
-1 is rejected with EINVAL because 4294967295 > 1024.
BTW, FreeBSD is immune, too. As a matter of fact, the original BSD
version (SCCS ID "@(#)sys_generic.c 8.5 (Berkeley) 1/21/94") has the
check, so the OpenBSD folks must have f*d it up somewhere along the
way.
DES (aka des () freebsd org)
--
Dag-Erling Smørgrav - dag-erli () ifi uio no
We are talking about uio_resid not uio_iovcnt. - todd
Current thread:
- Long attachment filename exploits: a procmail filter, (continued)
- Long attachment filename exploits: a procmail filter John D. Hardin (Jul 29)
- Crash a redhat 5.1 linux box Zachary Amsden (Jul 29)
- FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box) Joe Zbiciak (Jul 29)
- Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Roger Espel Llima (Jul 30)
- Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Alan Cox (Jul 30)
- Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux Pavel Kankovsky (Jul 30)
- Re: netscape mail overflow(another one) Paul Boehm (Jul 29)
- who Paul Boehm (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Chris Wedgwood (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Todd C. Miller (Jul 28)