Bugtraq mailing list archives
Re: Fwd: Any user can panic OpenBSD machine
From: Todd.Miller () COURTESAN COM (Todd C. Miller)
Date: Mon, 27 Jul 1998 14:59:55 -0600
In message <xzphg0357ze.fsf () hrotti ifi uio no> so spake (dag-erli):
/sys/kern/sys_generic.c:

        if (uap->iovcnt > UIO_MAXIOV)
                return (EINVAL);

/sys/sys/uio.h:

#define UIO_MAXIOV      1024            /* max 1K of iov's */

-1 is rejected with EINVAL because 4294967295 > 1024.

BTW, FreeBSD is immune, too. As a matter of fact, the original BSD version (SCCS ID "@(#)sys_generic.c 8.5 (Berkeley) 1/21/94") has the check, so the OpenBSD folks must have f*d it up somewhere along the way.

DES (aka des () freebsd org)
--
Dag-Erling Smørgrav - dag-erli () ifi uio no

We are talking about uio_resid not uio_iovcnt.

 - todd
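The distinction drawn in this exchange, as an added example that is not code from the thread or from any BSD kernel: the count check quoted above bounds the number of iovec entries, while the residual byte count (the running sum of the iov_len fields) needs its own range check. The ex_ names and the use of a signed long for the residual are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>

#define EX_UIO_MAXIOV 1024      /* same value as the UIO_MAXIOV quoted above */

struct ex_iovec {               /* hypothetical stand-in for struct iovec */
    void  *iov_base;
    size_t iov_len;
};

/*
 * Validate a caller-supplied iovec array.
 * Returns 0 and stores the total byte count in *resid, or EINVAL when
 * either the entry count or the summed length is out of range.
 */
int ex_check_iov(const struct ex_iovec *iov, unsigned int iovcnt, long *resid)
{
    long total = 0;             /* assumption: residual is a signed long */
    unsigned int i;

    /* Count check from the quoted code: (unsigned)-1 > 1024, so rejected. */
    if (iovcnt > EX_UIO_MAXIOV)
        return EINVAL;

    /* Separate check: a small count can still carry huge lengths, so
     * refuse any entry that would push the signed total past LONG_MAX. */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > (size_t)(LONG_MAX - total))
            return EINVAL;
        total += (long)iov[i].iov_len;
    }
    *resid = total;
    return 0;
}

int main(void)
{
    /* Constructed input: two entries whose lengths sum to LONG_MAX + 1. */
    struct ex_iovec v[2] = {
        { NULL, (size_t)LONG_MAX / 2 + 1 },
        { NULL, (size_t)LONG_MAX / 2 + 1 },
    };
    long r = 0;

    /* The count (2) is valid, yet the array must still be rejected. */
    return ex_check_iov(v, 2, &r) == EINVAL ? 0 : 1;
}
```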