Bugtraq mailing list archives
at the risk of another flamefest..
From: hobbit () avian org (*Hobbit*)
Date: Mon, 15 Jul 1996 00:36:49 -0400
This one triggered my "old classic" filter. Your patch has
- char buf[256];
+ char *buf=alloca(strlen(name)+50);
and five lines later, the original code fragment
for (cp = name; *cp; )
n += *cp++;
Is this a family of mistakes that male programmers constantly make?? It's
doesn't matter how big your buffer is, it's how you USE it -- i.e. how you
limit what can be stuffed INTO it. Essentially unbounded processing of this
sort over areas that may not necessarily be conveniently zero-filled or
pre-terminated for you is one reason we have so many of these BUGS...
Maintaining perspective,
_H*
Current thread:
- CERT Advisory CA-96.13 - Vulnerability in the dip program, (continued)
- CERT Advisory CA-96.13 - Vulnerability in the dip program CERT Advisory (Jul 09)
- Re: CERT Advisory CA-96.13 - Vulnerability in the dip program Efrain Torres (Jul 09)
- FIRST Conference & Workshop Plans Ron Freund (Jul 09)
- rdist exploit [bsdi] Brian Mitchell (Jul 09)
- Re: rdist exploit [bsdi] Brian Tao (Jul 11)
- Re: rdist exploit [bsdi] Damien Sorder (Jul 11)
- Re: rdist exploit [bsdi] jaeger (Jul 12)
- Re: rdist exploit [bsdi] Andrew N. Edmond (Jul 13)
- Re: rdist exploit [bsdi] Andy Dills (Jul 13)
- Re: rdist exploit [bsdi] Brian Tao (Jul 14)
- at the risk of another flamefest.. *Hobbit* (Jul 14)
- Re: at the risk of another flamefest.. David Stagner (Jul 15)
- Re: at the risk of another flamefest.. Alan L. Wendt (Jul 15)
- hpux 10.0 remote administration Matthew G. Harrigan (Jul 15)
- CERT Advisory CA-96.13 - Vulnerability in the dip program CERT Advisory (Jul 09)
- Re: rdist exploit [bsdi] System Manager (Jul 13)
- Re: rdist exploit [bsdi] Tom Bowman (Jul 12)
- Re: rdist exploit [bsdi] Brian Tao (Jul 12)
- Re: rdist exploit [bsdi] Cosimo Leipold (Jul 13)
- Re: rdist exploit [bsdi] Jack Flory (Jul 13)
- Re: rdist exploit [bsdi] Chris Caputo (Jul 13)
- Re: rdist exploit [bsdi] Brian Mitchell (Jul 14)