Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)

To: kuehro%posteo.de@localhost
Subject: Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
From: Paul Goyette <paul%whooppee.com@localhost>
Date: Wed, 7 Dec 2016 16:13:36 +0800 (PHT)

This was fixed in NetBSD several hours ago.

On Wed, 7 Dec 2016, kuehro%posteo.de@localhost wrote:

I just noticed this post:
https://www.kb.cert.org/vuls/id/548487
...
Is someone working on this?


The side-by-side view of yesterdays fix in FreeBSD looks like this:

https://svnweb.freebsd.org/base/head/lib/libc/net/linkaddr.c?r1=288045&r2=309639

and their original version was quite similar to the one in NetBSD.

Kai-Uwe





!DSPAM:5847c185285302011024860!


+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+

Follow-Ups:
- Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
  - From: Paul Goyette

References:
- Buffer Copy without Checking Size of Input (CVE-2016-6559)
  - From: Pierre Pronchery
- Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
  - From: kuehro

Prev by Date: Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
Next by Date: Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
Previous by Thread: Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
Next by Thread: Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)
Indexes:

Home | Main Index | Thread Index | Old Index