Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Critical Security Problem in 4.4BSD crt0
From: tenser () SPITFIRE ECSEL PSU EDU (Dan Cross)
Date: Mon, 3 Feb 1997 02:48:34 -0500


Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1?  Since the
libraries are similar, my guess without comparing code is that the bug
is there.

yes, the bug does indeed appear in 2.1.6, at least.  Here's an untested
patch which SHOULD fix the problem, though:

----- Begin startup_setlocale.diff
*** startup_setlocale.c 1997/02/03 07:40:46     1.1
--- startup_setlocale.c 1997/02/03 07:41:47
***************
*** 174,183 ****
                return(0);
        }

!       (void) strcpy(name, PathLocale);
!       (void) strcat(name, "/");
!       (void) strcat(name, encoding);
!       (void) strcat(name, "/LC_CTYPE");

        if ((fp = fopen(name, "r")) == NULL)
                return(ENOENT);
--- 174,181 ----
                return(0);
        }

!       (void) snprintf(name,
!               PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding);

        if ((fp = fopen(name, "r")) == NULL)
                return(ENOENT);
-----  End of startup_setlocale.diff

Note that there might be more problems, but I haven't got the time
to test for them right now.  :-(

        - Dan C.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]