Re: netbsd vulnerabilities

From: Andrew R. Reiter (arr@watson.org)
Date: 09/08/01 

Date: Sat, 8 Sep 2001 07:24:16 -0400 (EDT)
From: "Andrew R. Reiter" <arr@watson.org>
To: Alfred Perlstein <bright@mu.org>

In defense of that, that'd work obviously, I was just going for the route
that best reflected the man page (and should therefore reflect how it is
used by a user). the man page states taht nsops is unsigned... the sem.h
prototype states that, yet in semop_args and in the function, we
essentially make it signed. checking for < 0 is a solution, but i guess I
was thinking for more along the lines of getting that code a bit more
cleaned up. I just think it's minorly confusing that what a man page
states, really isn't... Either way will clear it up tho :-)

Andrew

On Sat, 8 Sep 2001, Alfred Perlstein wrote:

:* Andrew R. Reiter <arr@watson.org> [010908 05:44] wrote:
:> Hey,
:>
:> The attached code fixes the semop bug which is specified in the recent
:> NetBSD security announcement. I'm not positive about hte naming scheme
:> wanted by all in terms of: size_t vs. unsigned int vs. unsigned. I made
:> it u_int b/c i saw in sysproto.h that there seemed to be more u_int's
:> instead of size_t's :-) Great logic.
:
:Uh, why don't you just compare the int arg against 0, if it's less than
:then just return EINVAL.
:
:-Alfred
:

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Quantcast