Bugtraq mailing list archives
Re: Fwd: Any user can panic OpenBSD machine
From: dag-erli () IFI UIO NO (Dag-Erling Coidan Smørgrav)
Date: Mon, 27 Jul 1998 23:08:40 +0200
"Todd C. Miller" <Todd.Miller () courtesan com> writes:
In message <xzphg0357ze.fsf () hrotti ifi uio no> so spake (dag-erli):/sys/kern/sys_generic.c: if (uap->iovcnt > UIO_MAXIOV) return (EINVAL);We are talking about uio_resid not uio_iovcnt.
*thwap* my mistake. The relevant piece of code is: /sys/kern/sys_generic.c: auio.uio_resid = 0; for (i = 0; i < uap->iovcnt; i++) { auio.uio_resid += iov->iov_len; if (auio.uio_resid < 0) { error = EINVAL; goto done; } iov++; } and since, as someone pointed out, iov->iov_len is a size_t, it doesn't make sense to check for negative values of auio.uio_resid. The problem arises from auio.uio_resid being an int rather than a size_t. DES (open mouth, insert foot, echo internationally) -- Dag-Erling Smørgrav - dag-erli () ifi uio no
Current thread:
- Re: small bug in 5/98 distribution Sun 4070627, (continued)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- Re: small bug in 5/98 distribution Sun 4070627 Brandon Hume (Jul 26)
- Re: small bug in 5/98 distribution Sun 4070627 Casper Dik (Jul 27)
- FW: Alert: Arbitrary code execution via email or news Patrick Oonk (Jul 27)
- ISS Security Advisory -- MS Exchange 5.x Jon Larimer (Jul 27)
- [ NT SECURITY ALERT ] New Local GetAdmin Exploit MJE (Jul 27)
- Microsoft Security Bulletin (MS98-009) Aleph One (Jul 28)
- Microsoft Security Bulletin (MS98-008) Aleph One (Jul 27)
- Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine David Maxwell (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Dag-Erling Coidan Smørgrav (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Michael Fuhr (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Angelos D. Keromytis (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 27)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Theo de Raadt (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- Re: small bug in 5/98 distribution Sun 4070627 Eugene Bradley (Jul 24)
- Re: Fwd: Any user can panic OpenBSD machine Alfred Huger (Jul 28)
- Re: Fwd: Any user can panic OpenBSD machine Perry E. Metzger (Jul 28)
- CERT Vendor-Initiated Bulletin VB-98.07 - OpenVMS.LOGINOUT (fwd) Phillip R. Jaenke (Jul 28)