oss-sec mailing list archives
Re: incorrect upstream fix for CVE-2009-0840 (mapserver)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Mon, 22 Jun 2009 15:46:28 +0200
Hi, * Nico Golde <oss-security+ml () ngolde de> [2009-06-22 15:45]: [...]
Unfortunately this doesn't fix the issue and I wonder why people always think changing signed types to unsigned will fix such errors. If I pass 0xffffffff as the content-length according to type conversion rules in C atoi() will convert this to -1 which is again converted to 0xffff when
0xffffffff^^ -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde (Jun 22)
- Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Nico Golde (Jun 22)
- Re: incorrect upstream fix for CVE-2009-0840 (mapserver) Alan Boudreault (Jun 25)