|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Andrew Thompson (thompsa
nz.FreeBSD.org)
Date: Thu Dec 03 2009 - 13:15:06 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, Dec 03, 2009 at 08:06:40PM +0100, Timo Schoeler wrote:
> On 12/03/2009 08:01 PM, Pieter de Boer wrote:
> > Jamie Landeg Jones wrote:
> >>
> >> However, I'd still apply the patch in case some other way to exploit
> >> the non-checking of the unsetenv return status crops up elsewhere.
> >>
> >> It can't do any harm.
> >
> > The problem with that is, on 6.x, unsetenv() returns 'void', so there's
> > no return value to check on.
> >
> > On 6.x (I've looked at 6.4-RELEASE-p7, it may be different in other
> > versions), the unsetenv() uses __findenv() in a while loop to remove the
> > given setting. The getenv() function also uses __findenv() to find the
> > given environment setting. The issue described in the advisory simply
> > doesn't exist in 6(.4-RELEASE-p7).
>
> patch doesn't complain on the diff, but compiling gives me the following
> error on 6.4-STABLE (i386):
To quote the advisory
"Affects: FreeBSD 7.0 and later."
Andrew
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]