Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Fwd: Any user can panic OpenBSD machine

Re: Fwd: Any user can panic OpenBSD machine

Warner Losh (impVILLAGE.ORG)
Mon, 27 Jul 1998 15:38:24 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Previous message: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
In reply to: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Next in thread: Felix Schroeter: "Re: Fwd: Any user can panic OpenBSD machine"

In message <199807271932.NAA05034xerxes.courtesan.com> "Todd
C. Miller" writes:
: That's not correct behavior either.  iov_len is unsigned so making it
: -1 (which is the unsigned value 4294967295) should not be an error.

It should at least return EFAULT, which is documented for things that
fall outside of the processes address space.

However, on FreeBSD the man pages states:
     [EINVAL]      One of the iov_len values in the iov array was
                   negative.
     [EINVAL]      The sum of the iov_len values in the iov array
                   overflowed a 32-bit integer.

Even though the values are declared u_int, they seem to be used in the
code as signed numbers (maybe that's a problem), so return EINVAL for
a number, cast to signed, that is negative seems appropriate.

Warner

Next message: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Previous message: Chris Wedgwood: "Re: Fwd: Any user can panic OpenBSD machine"
In reply to: Todd C. Miller: "Re: Fwd: Any user can panic OpenBSD machine"
Next in thread: Felix Schroeter: "Re: Fwd: Any user can panic OpenBSD machine"