Re: Security: gsu
- From: Martin Baulig <martin home-of-linux org>
- To: Chris Evans <chris ferret lmh ox ac uk>
- Cc: Havoc Pennington <hp pobox com>, gnome-list gnome org, security-audit ferret lmh ox ac uk
- Subject: Re: Security: gsu
- Date: 25 Feb 1999 22:44:07 +0100
Am I correct that this
read(user_supplied_data, password, -1)
is equivalent to
read(user_supplied_data, password, MAXINT-1)
since read() is declared as
extern ssize_t read __P ((int __fd, __ptr_t __buf, size_t __nbytes));
in <unistd.h>?
I will change this to be `size_t len' in CVS - is this the correct fix,
a `size_t' should always be unsigned?
Chris Evans <chris@ferret.lmh.ox.ac.uk> writes:
> Hi,
>
> Will only affect if built without PAM support. (I think)
>
> gsu-helper.c
>
> Func: helper_read_password()
> {
> char password[BUFSIZ];
> int len;
>
> ... reads user supplied value into len ....
> ... I'm a bad guy so I pick -1 :-) ---
>
> if (len+1 > BUFSIZ) { get_out };
>
> .. we pass the check ..
>
> read(user_supplied_data, password, len);
>
> and oh dear :-)
>
> The signed/unsigned issues seem to be cropping up more and more...
>
> Chris
--
Martin Baulig - martin@home-of-linux.org - http://www.home-of-linux.org
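As an added illustration of the thread (not code from gsu or from either poster), the checks side by side in C: the quoted signed-int check, the same check after only changing the type to size_t, a form that cannot wrap, and a bounded replacement for the read() call. PW_BUFSIZ and the function names are constructed stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <unistd.h>

#define PW_BUFSIZ 256  /* constructed stand-in for BUFSIZ in gsu-helper.c */

/* The check as quoted: len is a signed int, so a user-chosen -1 makes
 * "len+1 > BUFSIZ" false and the value is accepted. */
int vulnerable_check_accepts(int len)
{
    return !(len + 1 > PW_BUFSIZ);
}

/* What that accepted int becomes at read()'s size_t nbytes parameter. */
size_t as_nbytes(int len)
{
    return (size_t)len;   /* -1 -> SIZE_MAX */
}

/* Caveat: declaring len as size_t but keeping "len+1 > BUFSIZ" is not
 * enough on its own: for SIZE_MAX, len+1 wraps to 0 and the check passes. */
int wrapping_size_t_check_accepts(size_t len)
{
    return !(len + 1 > PW_BUFSIZ);
}

/* Safe form: no arithmetic on the attacker-controlled value.
 * len < bufsz leaves room for the terminating NUL. */
int bounded_check_accepts(size_t len, size_t bufsz)
{
    return len < bufsz;
}

/* Bounded replacement for the quoted read(): rejects out-of-range lengths,
 * reads at most len bytes, always NUL-terminates. Returns bytes stored,
 * or -1 if the length is out of range or read() fails. */
ssize_t read_password_bounded(int fd, char *buf, size_t bufsz, size_t len)
{
    if (bufsz == 0 || !bounded_check_accepts(len, bufsz))
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) return -1;
        if (n == 0) break;          /* EOF before len bytes: keep what we have */
        got += (size_t)n;
    }
    buf[got] = '\0';
    return (ssize_t)got;
}
```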