oss-sec mailing list archives

Re: incorrect upstream fix for CVE-2009-0840 (mapserver)

From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 22 Jun 2009 15:46:28 +0200

Hi,
* Nico Golde <oss-security+ml () ngolde de> [2009-06-22 15:45]:
[...]

Unfortunately this doesn't fix the issue and I wonder why people always think
changing signed types to unsigned will fix such errors.
If I pass 0xffffffff as the content-length according to type conversion rules
in C atoi() will convert this to -1 which is again converted to 0xffff when

                                                            0xffffffff^^
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: _bin
Description:

Current thread:

incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde (Jun 22)
- Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde (Jun 22)
- Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Alan Boudreault (Jun 25)