Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: Fwd: Any user can panic OpenBSD machine

Re: Fwd: Any user can panic OpenBSD machine

Todd C. Miller (Todd.MillerCOURTESAN.COM)
Mon, 27 Jul 1998 14:59:55 -0600

In message <xzphg0357ze.fsfhrotti.ifi.uio.no>
        so spake  (dag-erli):

> /sys/kern/sys_generic.c:
>                 if (uap->iovcnt > UIO_MAXIOV)
>                         return (EINVAL);
>
> /sys/sys/uio.h:
> #define UIO_MAXIOV      1024            /* max 1K of iov's */
>
> -1 is rejected with EINVAL because 4294967295 > 1024.
>
> BTW, FreeBSD is immune, too. As a matter of fact, the original BSD
> version (SCCS ID "(#)sys_generic.c 8.5 (Berkeley) 1/21/94") has the
> check, so the OpenBSD folks must have f*d it up somewhere along the
> way.
>
> DES (aka desfreebsd.org)
> --
> Dag-Erling Smørgrav - dag-erliifi.uio.no

We are talking about uio_resid not uio_iovcnt.

 - todd
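
The distinction drawn in this thread, as an added example that is not part of the original messages and is not OpenBSD or FreeBSD kernel code: the quoted unsigned `iovcnt` comparison rejects -1, but it bounds only the number of entries, not the total of their lengths. The `iov_model` struct, the function names, and the signed `int` residual are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define UIO_MAXIOV 1024   /* value quoted from sys/uio.h in the thread */

/* Hypothetical user-space stand-in for struct iovec. */
struct iov_model {
    void  *base;
    size_t len;
};

/* Count check as quoted: with an unsigned count, -1 arrives as UINT_MAX. */
int check_iovcnt(unsigned int iovcnt)
{
    return (iovcnt > UIO_MAXIOV) ? EINVAL : 0;
}

/*
 * Hypothetical residual check: total the lengths into a signed int
 * (assumed type of the residual) and refuse any sum above INT_MAX.
 */
int sum_resid(const struct iov_model *iov, unsigned int iovcnt, int *resid)
{
    int total = 0;
    unsigned int i;

    if (check_iovcnt(iovcnt) != 0)
        return EINVAL;
    for (i = 0; i < iovcnt; i++) {
        /* Compare before adding so the signed sum can never wrap. */
        if (iov[i].len > (size_t)(INT_MAX - total))
            return EINVAL;
        total += (int)iov[i].len;
    }
    *resid = total;
    return 0;
}

int main(void)
{
    /* Constructed input: two entries pass the count check, the sum does not. */
    struct iov_model v[2] = { { NULL, (size_t)INT_MAX }, { NULL, 1 } };
    int resid = 0;

    printf("iovcnt=-1  -> %d\n", check_iovcnt((unsigned int)-1));
    printf("iovcnt=2   -> %d\n", check_iovcnt(2));
    printf("sum_resid  -> %d\n", sum_resid(v, 2, &resid));
    return 0;
}
```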