[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: netscape bug

To: [email protected]
Subject: Re: netscape bug
From: [email protected] (Tom Weinstein)
Date: Fri, 22 Sep 1995 17:49:11 -0700
Cc: [email protected]
In-Reply-To: "Perry E. Metzger"'s message of 21 Sep 1995 22:45:04 PDT
Reply-To: [email protected]
Sender: [email protected]

I said:

In article <[email protected]>, "Perry E. Metzger" <[email protected]> writes:

>> I can tell you in general terms -- I don't write MIPS assembler
>> myself. However, I will point out to you that you use an ancient
>> Sendmail, and that it uses syslog(3) on user produced data, and that
>> syslog uses a static buffer. Trick sendmail into logging something
>> very big, and you can do what you like. The 8lgm people wrote a demo
>> for Sparc as a proof of concept.

> Hmm, after having looked at the syslogd code, it looks like this
> particular bug has been fixed for at least several years.  However,
> there sure are a hell of a lot of fixed size buffers being alocated off
> the stack and some of them are being used in unsafe ways.

Whoops.  Having done a little more checking, it appears that this bug
does indeed occur in all current version of Irix.  There's a patch for
it (patch 825) that will be out imminently.

-- 
Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
we *do* anything.  --  Washington DC motto             |  [email protected]

Prev by Date: RE: RNG Resource FAQ (was Re: "random" number seeds vs. Netscape)
Next by Date: Re: Pitfall in producing random numbers
Prev by thread: Re: netscape bug
Next by thread: Re: netscape bug
Index(es):
- Date
- Thread