From: Keith Warno (keith.warnovalaran.com)
Date: Thu Jun 13 2002 - 09:47:55 CDT

    | -----Original Message-----
    | From: Tom [mailto:tomlemuria.org]
    | Sent: Monday, June 10, 2002 4:20 AM
    | To: bugtraqsecurityfocus.com
    | Subject: remote DoS in Mozilla 1.0
    |

    [...]

    |
    | Vendor Contact
    | ==============

    [...]

    | also filed with the XFree86 team, no reaction so far
    |
    |

    There is chatter but the same type of question regarding "at what point [is]
    a request for a font ... clearly invalid" is being asked.

    ---------- Forwarded message ----------
    Date: Thu, 13 Jun 2002 09:46:56 +0100
    From: Juliusz Chroboczek <jecdcs.ed.ac.uk>
    Reply-To: xpertXFree86.Org
    To: xpertXFree86.Org
    Subject: Re: [Xpert]abort() in libXfont 4.2.0 (was FW: remote DoS in
        Mozilla 1.0)

    From: Juliusz Chroboczek <jecdcs.ed.ac.uk>
    Subject: Re: [bugtraq] remote DoS in Mozilla 1.0
    To: develxfree86.org
    Date: 12 Jun 2002 08:51:49 +0100

    MH> Interesting problem reported on bugtraq:
    MH> <http://online.securityfocus.com/archive/1/276120>

    I see. Two bugs here.

    One is the dodgy error-handling in the Type 1 backend, which gives up
    by calling abort() (see the very end of curves.c). I agree that this
    is a bug; however, as I'm hoping to phase out the current Type 1
    backend in favour of one based on FreeType 2 in time for 4.3.0, I do
    not intend to fix it.

    The other problem is that we do not fail a priori requests for very
    large fonts. I do agree that this should be done, and I think it
    should be done at the common layer (above the font backends); could
    anyone suggest at what point a request for a font is clearly invalid?

                                            Juliusz

    _______________________________________________
    Xpert mailing list
    XpertXFree86.Org
    http://XFree86.Org/mailman/listinfo/xpert
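
The second bug in the forwarded message is that nothing bounds the requested size before a font backend is asked to render it. One way such a common-layer check could look, as an added example that is not XFree86 or libXfont code: it assumes a fully qualified XLFD name with aliases already resolved, and `font_request_ok`, its helpers and both caps are hypothetical, since the thread leaves the threshold open.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed caps for illustration; the thread leaves the threshold open. */
#define MAX_PIXEL_SIZE 2048L   /* pixels */
#define MAX_POINT_SIZE 20480L  /* decipoints, the XLFD POINT_SIZE unit */

/* Start of the n-th (1-based) '-'-delimited XLFD field, or "" if absent. */
static const char *xlfd_field(const char *name, int n)
{
    if (name == NULL || name[0] != '-')
        return "";
    for (const char *p = name; *p != '\0'; p++)
        if (*p == '-' && --n == 0)
            return p + 1;
    return "";
}

/* 1 if the field is "*" or a decimal value in [0, max], else 0.
 * Matrix sizes ("[a b c d]") are outside this sketch and are rejected. */
static int size_field_ok(const char *f, long max)
{
    char *end; long v;
    if (f[0] == '*' && f[1] == '-')
        return 1;                    /* wildcard: nothing to bound */
    if (!isdigit((unsigned char)f[0]))
        return 0;                    /* absent, empty, matrix, or junk */
    errno = 0;
    v = strtol(f, &end, 10);
    if (errno == ERANGE || *end != '-')
        return 0;                    /* overflow or trailing garbage */
    return v <= max;
}

/* Hypothetical common-layer gate on PIXEL_SIZE (field 7) and POINT_SIZE (8). */
int font_request_ok(const char *xlfd)
{
    return size_field_ok(xlfd_field(xlfd, 7), MAX_PIXEL_SIZE)
        && size_field_ok(xlfd_field(xlfd, 8), MAX_POINT_SIZE);
}

int main(void)
{
    const char *big = "-adobe-times-medium-r-normal--100000-0-75-75-p-0-iso8859-1"; /* constructed */
    printf("%s\n", font_request_ok(big) ? "accept" : "reject");
    return 0;
}
```

Rejecting in the common layer means an oversized request fails with an ordinary font error before any backend runs.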