Re: Buffer Copy without Checking Size of Input (CVE-2016-6559)

[Paul Goyette <paul%whooppee.com@localhost>]

On Wed, 7 Dec 2016, Paul Goyette wrote:

> This was fixed in NetBSD several hours ago.

And here's the URL for diffs

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/net/linkaddr.c.diff?r1=1.16&r2=1.20&only_with_tag=MAIN&f=h


Note that there were a series of changes, dealing with ensuring that the 
return value from link_ntoa() is always properly NUL-terminated, even if 
the value is truncated due to a too-small buffer.  (The man page was 
also updated separately.)


> On Wed, 7 Dec 2016, kuehro%posteo.de@localhost wrote:
>
> > > I just noticed this post:
> > > https://www.kb.cert.org/vuls/id/548487
> > > ...
> > > Is someone working on this?
> >
> > The side-by-side view of yesterdays fix in FreeBSD looks like this:
> >
> > https://svnweb.freebsd.org/base/head/lib/libc/net/linkaddr.c?r1=288045&r2=309639
> >
> > and their original version was quite similar to the one in NetBSD.
> >
> > Kai-Uwe
>
> +------------------+--------------------------+------------------------+
> | Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
> | (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
> | Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
> +------------------+--------------------------+------------------------+
>
> !DSPAM:5847c4df203711806613605!

+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+