Re: Fwd: Any user can panic OpenBSD machine

From: Dag-Erling Coidan Smørgrav (dag-erliat_private)
Date: Mon Jul 27 1998 - 13:55:49 PDT


    "Todd C. Miller" <Todd.Millerat_private> writes:
    > In message <v6pver2kl7.fsfat_private>
    >         so spake Michael Graff (explorer):
    > > I tested a NetBSD/i386-1.3.2 machine just now, which also returned
    > > EINVAL.
    > That's not correct behavior either.  iov_len is unsigned so making it
    > -1 (which is the unsigned value 4294967295) should not be an error.
    
    Not at all:
    
    /sys/kern/sys_generic.c:
                    if (uap->iovcnt > UIO_MAXIOV)
                            return (EINVAL);
    
    /sys/sys/uio.h:
    #define UIO_MAXIOV      1024            /* max 1K of iov's */
    
    -1 is rejected with EINVAL because 4294967295 > 1024.
    
    BTW, FreeBSD is immune, too. As a matter of fact, the original BSD
    version (SCCS ID "@(#)sys_generic.c 8.5 (Berkeley) 1/21/94") has the
    check, so the OpenBSD folks must have f*d it up somewhere along the
    way.
    
    DES (aka desat_private)
    --
    Dag-Erling Smørgrav - dag-erliat_private
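
Added example, not part of the original message and not code from any BSD source tree: a user-space C model of the count check quoted above. It shows that the single upper-bound comparison rejects -1 only when the count is held in an unsigned type. Only UIO_MAXIOV and its value come from the message; the function names, the struct and the sample inputs are assumptions made for this illustration.

```c
/* Added illustration: a user-space model, not kernel source. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define UIO_MAXIOV 1024   /* value quoted in the message above */
struct model_iovec { void *iov_base; size_t iov_len; };  /* stand-in for struct iovec */

/* Count held as unsigned: a caller's -1 arrives as UINT_MAX, so the
 * one upper-bound comparison is enough to reject it. */
int check_iovcnt_unsigned(unsigned int iovcnt)
{
    return iovcnt > UIO_MAXIOV ? EINVAL : 0;
}

/* Same comparison with a signed count: -1 > 1024 is false, so the
 * negative count passes the check. */
int check_iovcnt_signed_upper_only(int iovcnt)
{
    return iovcnt > UIO_MAXIOV ? EINVAL : 0;
}

/* Signed count with an explicit lower bound as well. */
int check_iovcnt_signed_both_bounds(int iovcnt)
{
    return (iovcnt < 0 || iovcnt > UIO_MAXIOV) ? EINVAL : 0;
}

/* Size a later array copy would be asked for if the count were used
 * unchecked: a negative count wraps to a huge size_t. */
size_t iov_array_bytes(int iovcnt)
{
    return (size_t)iovcnt * sizeof(struct model_iovec);
}

int main(void)
{
    int samples[] = { 0, 1, 1024, 1025, -1 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = samples[i];
        printf("%5d  unsigned=%d  signed_upper_only=%d  signed_both=%d  bytes=%zu\n",
               n, check_iovcnt_unsigned((unsigned int)n),
               check_iovcnt_signed_upper_only(n),
               check_iovcnt_signed_both_bounds(n), iov_array_bytes(n));
    }
    return 0;
}
```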
    


